I have tried both 40bit and 128bit and it doesn't seem to matter. The
m0n0wall supports 128-bit just fine with local users, so it's something
funky with Radius that makes it have this issue. You may be right that
m0n0wall is creating a rule in the background we are not aware of. I
have a firewall rule that allows PPTP users to go anywhere, which also
works great with local users. I've dumbed down the client on XP to use
PAP and no encryption, but it doesn't seem to help.
Lee, I am not using Captive Portal. When I tried it with pfSense too, I
made a very vanilla configuration and it didn't work there either.
Now, for what it's worth, at work I once had a Watchguard Firebox which
is another m0n0wall/Sonicwall/Netscreen type of appliance. I believe it
ran a very old version of Linux under the hood. It too had problems
working with my Cisco ACS Radius server. When I pointed it to a
Microsoft Radius server on Win2003, it worked fine. Unfortunately, I no
longer have this Firebox to test with. However, I suppose I could
attempt to point my m0n0wall at that Win2003 Radius server and see if it
works. I'll try that next.
From: Pete Klein [mailto:petek1827 at yahoo dot com]
Sent: Friday, March 16, 2007 2:24 PM
To: Holmes, Robert; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Radius & PPTP
I found the following old post of someone having a similar problem
This post doesn't solve our problem but I notice that the writer had one
type of error message (rec'd unexpected protocol...) when his client was
set to 40 bit encryption and a different one when the client was set to
I'm using the 98se client for testing which is only 40 bit. I am
assuming since you are using XP that it is set by default to 128 bits,
however could you confirm this? Also could you experiment with
different settings to see if there is any change? I'm wondering if the
"Require 128-bit encryption" setting is being enabled on monowall even if
it is not set.
I also found this post on the pfsense site:
I don't think this is the same problem but they might be related.
I also checked the MPD documentation
and they say the following in their troubleshooting section
Packets won't flow.
Make sure you have set gateway_enable="YES" in /etc/rc.conf,
otherwise your FreeBSD box will not route packets. Alternately, invoke
net.inet.ip.forwarding=1 for immediate effect.
Also, check your firewall settings. Mpd will create new interfaces
which may need to be incorporated into your firewall rules. If you're
doing PPTP, you need to allow TCP port 1723 and IP protocol
Since everything seems to work if Radius is disabled I don't think any of
this applies. However it is possible that monowall is changing
something behind the scenes.
For the record I have the following set in the Firewall:NAT:Inbound
WAN TCP 1723 192.168.81.1 1723
Has anyone on this mailing list ever successfully set up pptp to use a
--- "Holmes, Robert" <Robert dot Holmes at agilysys dot com>
> My settings, platform and problems are the same as yours Pete. I have
> a WRAP, but I also tried it on a CDROM image under Vmware. I won't
> post the log because it's identical. Yes, I can ping myself, but no
> one else.
> I'll just confirm the same issue as you.
> I tried pfSense thinking that maybe FreeBSD 6 would fix it, but the
> devs over there said they just sync the code from m0n0wall. I am
> using a Windows PPTP client under XP. The same settings work to a
> Microsoft PPTP server as well as m0n0wall with a local user list, so
> it is something inherent in the Radius settings preventing it from
> Can anyone else also confirm this problem?