Michael Brown wrote:
> Basically, we have (2) sites that have m0n0wall. Each is using the
> built in PPTP which works great. Both use m0n0wall as a NAT/Firewall/VPN
> setup. The odd thing is, should one person from Company A do a VPN into
> Company B, it works. But, if Company B does a VPN into Company A while
> Company A is still VPN into Company B, they both cancel each other out
> and you have to restart m0n0wall at both locations to fix the problem.
This is a problem caused by PPTP VPN NAT sessions originating and
terminating at the same IP addresses.
You could confirm this next time you get the situation of multiple VPN
connections 'blocking' each other. Rather than restarting each firewall,
use the 'Reset State' option under the 'Diagnostics' menu and see if
that allows one person to reinitiate their PPTP VPN.
A possible workaround would be assigning 1:1 NAT IP addresses to each
of the clients initiating the PPTP VPN, but for this to work your ISP
would need to assign multiple IP addresses to your internet connection.
This would mean that each VPN session would originate from unique IP
addresses and the sessions would not clash.
> Just to clarify, I'm not going VPN from m0n0wall to m0n0wall, but it's a
> computer behind the NAT doing a VPN across to each other that causes
> this to happen.
It seems that you are dismissing the obvious solution, which is a
m0n0wall to m0n0wall IPSEC VPN. Is there a technical reason for this, or
is this to retain control over who has inter-site access?
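The state-table clash described in the reply, and why the 1:1 NAT workaround avoids it, as an added Python model that is not part of the original thread. The GRE-only keying of the NAT table, the host names and the RFC 5737 addresses are assumptions of the model.

```python
"""Added model of why two PPTP tunnels between the same pair of public IPs
collide in a NAT state table (not code from the list thread). PPTP tunnels
traffic over GRE (IP protocol 47), which has no ports, so a NAT without a
PPTP helper keys GRE state on (protocol, src IP, dst IP) alone.
Addresses below are constructed RFC 5737 examples."""

GRE = 47

class NatStateTable:
    def __init__(self):
        # (proto, src_ip, dst_ip) -> inside host that owns the entry
        self.states = {}

    def add_gre_tunnel(self, owner, local_public, remote_public):
        """Install both directions of a GRE tunnel; return False when the
        IP pair is already claimed by another inside host, since the new
        tunnel's packets would be indistinguishable from the old one's."""
        keys = [(GRE, local_public, remote_public),
                (GRE, remote_public, local_public)]
        if any(self.states.get(k, owner) != owner for k in keys):
            return False
        for k in keys:
            self.states[k] = owner
        return True

    def reset_state(self):
        """Equivalent of the firewall's 'Reset State' diagnostic."""
        self.states.clear()

def simulate(site_a_pptp_ip, client_a_public_ip, site_b_ip="198.51.100.1"):
    """Two-tunnel scenario seen from firewall A. client_a_public_ip is the
    address A's NAT gives the LAN host dialling B; site_a_pptp_ip is A's
    own PPTP server. Returns (client_ok, inbound_ok, inbound_ok_after_reset)."""
    nat = NatStateTable()
    # 1. A LAN host behind A dials B's PPTP server.
    client_ok = nat.add_gre_tunnel("lan-client-a", client_a_public_ip, site_b_ip)
    # 2. A host behind B (NATed to site_b_ip) dials A's own PPTP server.
    inbound_ok = nat.add_gre_tunnel("pptp-server-a", site_a_pptp_ip, site_b_ip)
    # 3. Clearing state lets the blocked session come up, but only because
    #    the first tunnel's state is gone too: one side wins, not both.
    nat.reset_state()
    after_reset = nat.add_gre_tunnel("pptp-server-a", site_a_pptp_ip, site_b_ip)
    return client_ok, inbound_ok, after_reset

if __name__ == "__main__":
    print(simulate("203.0.113.1", "203.0.113.1"))  # shared WAN IP: (True, False, True)
    print(simulate("203.0.113.1", "203.0.113.2"))  # 1:1 NAT IP: (True, True, True)
```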