[ previous ] [ next ] [ threads ]
 
 From:  Stephen Ronan <listsubs0506 at comcast dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Experience with iPig free VPN service?
 Date:  Tue, 27 Jun 2006 22:04:59 -0400
Hi
Does anyone have experience with a running the iPig 
<http://www.iopus.com/ipig/> Private Internet Gateway client software on 
multiple machines on a LAN all connecting through monowall to the iOpus 
servers? Does it work okay for you? iPig is a free VPN service. I'm 
wondering whether to encourage users of an open community wireless 
network to adopt it and would appreciate the opportunity to learn from 
prior experience. I was a little concerned that there might be some 
issues like those detailed below.
Thanks,
   - Stephen Ronan


Chris Buechler wrote:

> On 6/25/06, lists at dinplug dot com <lists at dinplug dot com> wrote:
>
>>
>> I would like to be able to enble the monowall PPTP server and at the 
>> same time make
>> outgoing PPTP VPN connections from Windows XP machines located on the 
>> local LAN.
>>
>
> This works fine, with one caveat.  Only one LAN machine can connect to
> a single remote PPTP server simultaneously.  You can have a thousand
> LAN machines connecting to a thousand different PPTP servers
> simultaneously, but not two LAN machines to the same remote PPTP
> server.  The NAT software used in m0n0wall can't track PPTP in this
> matter because GRE has no source/dest ports like TCP and UDP, and it
> doesn't do inspection of any packets at higher than layer 4.
>
>
>> I am running monowall v1.22 and I added a WAN firewall rule to pass 
>> all GRE packets
>> (any source any destination, allowing fragmented packets), is this 
>> the correct thing to
>> do?
>
>
> That's unnecessary.  That traffic will get let back in by the state 
> table.
>
> -Chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>