 From:  David Moron <david dot moron at openwired dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PPTP Problem
 Date:  Thu, 13 Jul 2006 09:26:42 +0200
Thank you everybody,

I've attached the monowall status page and answered some mails all
together in order to be more efficient:

>Carsten:
> Would you please specify the IP of the computer you are connecting from
> to the PPTP server (NOT the IP of the logical PPTP interface).


I'm connecting from a windows laptop in a 10.0.0.0/24 network. The IP is
DHCP assigned.

>Mike:
>I don't know jack about PPTP,  but I can tell you that you seem to be
>using a /24 for your m0n0wall LAN,  but you list 192.68.0.192/28 as the
>'remote address range' which is only 14 hosts.  What would happen if
>you changed the workstations config to
>
>	IP: 192.68.0.192
>	mask: 255.255.254.0  (/24)
>	gateway: 192.68.0.192  or .208 (since that's the server)
>
>I can also say that 192.68.0.192/28 is .192 - 207, and 208 is
>technically outside of the subnet...  Course everything is outside of
>the subnet is a /32 (255.255.255.255)

The x.x.x.x/28 is hardcoded in monowall since it only supports 16
simultaneous PPTP connections. The 28 is not the netmask; it is a way to
define a range of IPs.

Monowall Documentation says about server address: "This can be an unused
IP on your LAN ..." and, as an example, defines Server Address
"192.168.1.254" and Remote Address Range "192.168.1.192".

About PPTP connection and the /32 subnet in the PPTP client: "It should
have an IP address that is in the range you defined for the PPTP Server.
It should also have the subnet of 255.255.255.255 and it will be using
itself as the default gateway. Just live with it; it is how it works."

>>Jai:

>I defined "pass all rules" in LAN and WAN interfaces but I'm still
>unable to access the LAN  :-(
>David,


> > Try a LAN rule to allow PPTP clients access to LAN subnet? I'm pretty
> > sure that's what I had to set up. Set it up as * * * * and then start
> > playing with specific access thru certain ports etc
> >

I defined "from any to any" LAN and WAN rules but it does not work.


> Would you please specify the IP of the computer you are connecting from
> to the PPTP server (NOT the IP of the logical PPTP interface).
> 
> 
> David Moron wrote:
>> Hi,
>>
>> I'm using monowall 1.22 and I'm trying to configure the PPTP access.
>> I can connect via PPTP to monowall correctly, I can browse through the
>> PPTP tunnel but I can't access the LAN workstations.
>>
>> All the traffic is allowed in the PPTP interface
>>
>> PPTP VPN Rules:
>> Proto Source Port Destination Port
>> *     *      *    *           *
>>
>> LAN IP: 192.68.0.254 (I know it's a public address but I'm not allowed
>> to change it)
>>
>> PPTP Config:
>> Enable PPTP Server
>> Server Address: 192.68.0.208
>> Remote Address Range: 192.68.0.192/28
>>
>> Traceroute from the PPTP client to 192.68.0.99 succeeds only to the first
>> hop 192.68.0.208.
>>
>> Ping to the PPTP client IP from monowall on the LAN interface reports:
>> "ping: sendto: No route to host"
>>
>> Ping to the LAN workstation 192.68.0.99 from monowall works OK.
>>
>> ipconfig on the PPTP client:
>> PPP Adaptor:
>>     IP: 192.68.0.192
>>     mask: 255.255.255.255
>>     gateway: 192.68.0.192
>>
>> Has anyone an idea what's happening?
>>
>> Thank you in advance,
>>
>>   
> 

--
status.zip (17.4 KB, application/x-zip)
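
An added example, not part of the original message or of m0n0wall: a small Python check of the address plan discussed in this thread, treating the /28 as a block of 16 client addresses as the message describes. The function names are hypothetical, and the /24 LAN mask is an assumption taken from Mike's reply, not a confirmed setting.

```python
import ipaddress

def pool_bounds(remote_range):
    """First address, last address and size of the PPTP client block."""
    pool = ipaddress.ip_network(remote_range, strict=False)
    return str(pool[0]), str(pool[-1]), pool.num_addresses

def check_pptp_plan(lan_if, server, remote_range, lan_hosts=()):
    """Return a list of findings for a PPTP address plan (empty = consistent)."""
    lan = ipaddress.ip_interface(lan_if)
    srv = ipaddress.ip_address(server)
    pool = ipaddress.ip_network(remote_range, strict=False)
    findings = []
    if not pool.subnet_of(lan.network):
        findings.append("client block is not inside the LAN subnet")
    if srv not in lan.network:
        findings.append("server address is not inside the LAN subnet")
    if srv in pool:
        findings.append("server address falls inside the client block")
    # Addresses already in use on the LAN must not be reused for PPTP.
    for used in (lan.ip, *map(ipaddress.ip_address, lan_hosts)):
        if used == srv or used in pool:
            findings.append(f"{used} is already in use on the LAN")
    if not lan.ip.is_private:
        findings.append("LAN address is not in private address space")
    return findings

if __name__ == "__main__":
    # Values from the thread; the /24 LAN mask is an assumption.
    print(pool_bounds("192.68.0.192/28"))
    for finding in check_pptp_plan("192.68.0.254/24", "192.68.0.208",
                                   "192.68.0.192/28", ["192.68.0.99"]):
        print("finding:", finding)
```

With the thread's values the client block runs from .192 to .207, the server address .208 sits just outside it, and the only finding is the public LAN address space already noted in the original post.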