 From:  Adam Nellemann <adam at nellemann dot nu>
 To:  Dany Nativel <dany underscore list at natzo dot com>
 Cc:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Static DHCP only?
 Date:  Wed, 11 Feb 2004 17:40:07 +0100
Thanks Dany,

This looks very good! (Wasn't at all aware PPTP could be used for 
internal security as well as over the WAN IF, very neat!)

I'll test this at the first opportune moment!

Dany Nativel wrote:

> Adam,
> 
> You will find below one of my previous posts regarding PPTP to secure a 
> WLAN connection using OPT1 (external Access Point). The OPT1 is on a 
> 10.112.x.x subnet.  It's very easy to set up. You may want to replace 
> OPT1 with your WLAN card.
> 
> As soon as the user authenticates, he gets a virtual IP address within 
> the LAN subnet so I don't have to set up any static route. The only rules 
> I used are:
> 
> --> for OPT1 :        (this is here to only allow PPTP traffic)
> GRE * * * *                                    
> TCP * * * 1723
> 
> --> for PPTP
> * * * * *
> 
> The other settings are :
> 
> INTERFACES
> LAN : 192.168.0.10/24
> WAN : DHCP
> OPT1 : bridge:none
>             ip address : 10.112.0.1/24
> 
> RULES
> PPTP clients
> * * * * *
> 
> OPT1 interface
> GRE * * * *
> TCP * * * 1723
> 
> LAN * * * * *
> 
> SERVICES :  DHCP
> -   LAN    192.168.0.1 to 192.168.0.9
> -   OPT1  10.112.0.2 to 10.112.0.10
> 
> VPN : PPTP
> Enable : yes
> Server address : 192.168.0.200
> Remote address range : 192.168.0.208
> 
> VPN: PPTP: User
> ....
> 
> Under Windows, you can create a PPTP account (new network connection with 
> the same login/password)
> 
> I hope this will help you.  This was really easy to set up so you should 
> give it a try.
> 
> Dany