 From:  Lonnie Abelbeck <lists at lonnie dot abelbeck dot com>
 To:  m0n0wall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] PPTP change of behaviour in 1.3b2
 Date:  Fri, 12 Jan 2007 16:34:24 -0600
What firewall rules do you have defined for "PPTP VPN"?

Lonnie

On Jan 12, 2007, at 11:38 AM, Kasper Pedersen wrote:

> (Summary: I think the default outbound NAT rule doesn't include the  
> PPTP range)
>
> I _believe_ this has changed, but, don't shoot me more than once if  
> this is a lapse of memory, or a misunderstanding on my part:
>
> With the mono 1.2x setup at work I had set it up so that LAN was  
> 192.168.10.1/24, DMZ was 192.168.21.1/24, and set PPTP for  
> 192.168.22.3+192.168.22.128/28. That is, PPTP users would have '22'
> addresses, and LAN users had '10' addresses. I could run a PPTP
> session to work, I could access sites on the internet, and the source
> ip address was work's IP address.
>
> With 1.3b2 most everything still works, but PPTP clients can no
> longer access sites on the internet. I then told it to use LAN
> addresses (192.168.10.7+192.168.10.128/28) for PPTP, and now PPTP
> clients _can_ access the internet.
>
> When I PPTP into work with one machine, with the PPTP server set to
> 192.168.22.128/28, and then attempt to ping my at-home external
> interface, my at-home monowall drops a packet with source address
> 192.168.22.128, as if the default-generated NAT rule doesn't apply
> to outgoing packets with source address in the PPTP range (unless,
> of course, the PPTP range is a subset of the LAN range).
>
> Puzzled.
>
> /Kasper Pedersen
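A small check script, added here and not part of the thread or of m0n0wall itself, that parses m0n0wall's `server_ip+pool_start/prefix` PPTP notation and lists which PPTP client addresses would leave the WAN with an untranslated private source address under Kasper's hypothesis that the default outbound NAT covers only the LAN subnet. The NAT source list, the reading of `/28` as 16 addresses starting at the given address, and the subnet values are assumptions taken from the message above.

```python
import ipaddress

# Constructed values, copied from the setup described in the thread.
LAN = ipaddress.ip_network("192.168.10.0/24")
DMZ = ipaddress.ip_network("192.168.21.0/24")
OLD_PPTP = "192.168.22.3+192.168.22.128/28"   # pool outside LAN: broke in 1.3b2
NEW_PPTP = "192.168.10.7+192.168.10.128/28"   # pool inside LAN: works in 1.3b2


def parse_pptp_range(spec):
    """Split 'server_ip+pool_start/prefix' into (server address, client list).

    Assumption: the prefix gives the pool size (a /28 is 16 addresses) and the
    pool starts at pool_start, whether or not that address is block-aligned.
    """
    server, pool = spec.split("+", 1)
    start, prefix = pool.split("/", 1)
    start = ipaddress.ip_address(start)
    count = 2 ** (32 - int(prefix))
    return ipaddress.ip_address(server), [start + i for i in range(count)]


def uncovered_clients(nat_sources, pptp_spec):
    """PPTP client addresses that no outbound NAT source network contains.

    Assumption (Kasper's hypothesis): the default outbound NAT rule translates
    exactly the networks in nat_sources, so any address outside them reaches
    the WAN with its private source IP and is dropped by the remote end.
    """
    _, clients = parse_pptp_range(pptp_spec)
    return [a for a in clients if not any(a in net for net in nat_sources)]


def check(nat_sources, pptp_spec):
    """Summarise NAT coverage of one PPTP pool as a plain dict."""
    leaking = uncovered_clients(nat_sources, pptp_spec)
    return {
        "pool": pptp_spec.split("+", 1)[1],
        "covered": not leaking,
        "leaking": [str(a) for a in leaking],
    }


if __name__ == "__main__":
    for spec in (OLD_PPTP, NEW_PPTP):
        print(check([LAN], spec))
```

Adding the PPTP pool itself to the NAT source list (the fix one would expect from an explicit outbound NAT rule) makes the old setup report full coverage.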