 From:  "Luciano Areal" <luciano dot areal at bizvox dot com dot br>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Problems to use PPTP/GRE traffic to connect in a server - Please advice.
 Date:  Mon, 19 Nov 2007 10:09:34 -0300
Good morning, folks!

Here in my company, we have this network scenario:

Our network has one internal VPN server, based on Windows 2003 Enterprise,
using the PPTP and GRE protocols. We have several workers who eventually need to
connect to our network, to get some data and disconnect. Sometimes, they
need to work in our network from home, airport, etc., just like in a
"roadwarrior way". Following:

-------------        ---------       ----------       -------------
-------------        ---------       ----------       -------------
/24                  200.*.*.* /28   (ISP IP)         *.*.*.* (any IP)

I did a basic installation of m0n0wall firewall solution on a machine here,
and set up all needed ports for our basic NAT (webserver, e-mail, etc.).
Here follows the part mentioned for PPTP:

Firewall: NAT: Port Forward Options

If      Proto   Ext. port range         NAT IP          Int. port range
WAN     TCP     1723              1723
Allow PPTP (TCP 1723)
WAN     GRE                   
Allow GRE (Protocol 47)

These rules were also inserted on Firewall: Rules (WAN section)

Proto   Source          Port    Destination     Port    Gateway
TCP     WAN address     1723    1723    *
Allow PPTP (TCP 1723)
GRE     WAN address     *    *       *
Allow GRE (Protocol 47)

Then, I tried to connect from home to my server, putting its WAN IP on my
VPN connection, but when I try to connect, nothing happens.

Am I doing anything wrong here? Did I forget any point here? I tried to get
some info on m0n0wall mail discussion archives, but didn't find anything
similar to my problem. :-(

Is there anything that I still need to do in order to free up traffic of
PPTP and GRE protocols, from my box to the internal server? If anyone here
has passed through this issue, please light up my path. ;-)

Best regards,

Luciano Pereira Areal
Network Administrator
E-mail: luciano dot areal at bizvox dot com dot br
Mobile #1: +55 21 8176-7376
Mobile #2: +55 21 8169-3362
Nextel ID: 55*8*64731
Skype: luciano_areal

Bizvox Voice Services
Avenida Nilo Peçanha, 50 Grupo 1516 - Centro
CEP: 20020-906
Rio de Janeiro - RJ - Brasil
Phone: +55 21 2212-1650
Fax: +55 21 2212-1675
Website: http://www.bizvox.com.br/

