[ previous ] [ next ] [ threads ]
 From:  "Holmes, Robert" <Robert dot Holmes at agilysys dot com>
 To:  "Pete Klein" <petek1827 at yahoo dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Radius & PPTP
 Date:  Fri, 16 Mar 2007 15:07:42 -0400
I have tried both 40bit and 128bit and it doesn't seem to matter.  The
m0n0wall supports 128-bit just fine with local users, so it's something
funky with Radius that makes it have this issue.  You may be right that
m0n0wall is creating a rule in the background we are not aware of.  I
have a firewall rule that allows PPTP users to go anywhere, which also
works great with local users.  I've dumbed down the client on XP to use
PAP and no encryption, but it doesn't seem to help.

Lee, I am not using Captive Portal.  When I tried it with pfSense too, I
made a very vanilla configuration and it didn't work there either.

Now, for what it's worth, at work I once had a Watchguard Firebox which
is another m0n0wall/Sonicwall/Netscreen type of appliance.  I believe it
ran a very old version of Linux under the hood.  It too had problems
working with my Cisco ACS Radius server.  When I pointed it to a
Microsoft Radius server on Win2003, it worked fine.  Unfortunately, I no
longer have this Firebox to test with.  However, I suppose I could
attempt to point my m0n0wall at that Win2003 Radius server and see if it
works.  I'll try that next.



-----Original Message-----
From: Pete Klein [mailto:petek1827 at yahoo dot com] 
Sent: Friday, March 16, 2007 2:24 PM
To: Holmes, Robert; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Radius & PPTP

Hi Robert,

I found the following old post of someone having a similar problem


This post doesn't solve our problem but I notice that the writer had one
type of error message (rec'd unexpected protocol...) when his client was
set to 40 bit encryption and a different one when the client was set to
128 bit.  

I'm using the 98se client for testing which is only 40 bit.  I am
assuming since you are using XP that it is set by default to 128 bits,
however could you confirm this?  Also could you experiment with
different settings to see if there is any change?  I'm wondering if the
"Require 128-bit encryption" setting is being enable on monowall even if
it is not set.

I also found this post on the pfsense site:


I don't think this is the same problem but they might be related.

I also checked the MPD documentation


and they say the following in their troubleshooting section

Packets won't flow.

    Make sure you have set gateway_enable="YES" in /etc/rc.conf,
otherwise your FreeBSD box will not route packets. Alternately, invoke
sysctl -w
net.inet.ip.forwarding=1 for immediate effect.

    Also, check your firewall settings. Mpd will create new interfaces
which may need to be incorporated into your firewall rules. If you're
doing PPTP, you need to allow TCP port 1723 and IP protocol
47 (GRE).

Since everything seems to work if Radius is disable I don't think any of
this applies.  However it is possible that mononwall is changing
something behind the scenes.

For the record I have the following set in the Firewall:NAT:Inbound
WAN 	TCP 	1723 	1723 	

Has anyone on this mailing list ever successfully set up pptp to use a
Radius Server???

--- "Holmes, Robert" <Robert dot Holmes at agilysys dot com>

> My settings, platform and problems are the same as yours Pete.  I have

> a WRAP, but I also tried it on a CDROM image under Vmware. I won't 
> post the log because its identical.  Yes, I can ping myself, but no 
> one else.
> I'll just confirm the same issue as you.
> I tried pfSense thinking that maybe FreeBSD 6 would fix it, but the 
> devs over there said they just sync the code from m0n0wall.  I am 
> using a Windows PPTP client under XP.  The same settings work to a 
> Microsoft PPTP server as well as m0n0wall with a local user list, so 
> it is something inherent in the Radius settings preventing it from 
> working.
> Can anyone else also confirm this problem?
> -Robert

Need Mail bonding?
Go to the Yahoo! Mail Q&A for great tips from Yahoo! Answers users.