 From:  Falcor <falcor at netassassin dot com>
 To:  Matthew Geddert <webmaster at mbseminary dot edu>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] remote vpn clients
 Date:  Wed, 18 Feb 2004 17:16:18 -0600

Like Christiaens said, make sure that your ISP allows port access below 
1024 for inbound connections.  Many are now blocking these.  E.g. they 
offer you access to the internet, but will deny you the ability to 
perform ISP like functions.  E.g. mail, VPN, HTTPd, etc.  Some state 
this is for security reasons, but it all boils down to them wanting you 
to pay more for them to change the ACL so you can get inbound low ports.

Also... the network you are trying to PPTP to the firewall from may not 
allow it.  Or it is performing NAT and thus PPTP will not work 
correctly.  Try using the IPSEC if this is the case, it is a better (in 
my opinion) way to go for VPN anyway.  I am working on a similar IPSEC 
how-to currently.

Matthew Geddert wrote:

> Hello,
> I've followed the advice in this guide:
> http://m0n0.ch/wall/guides/pptpvpn.pdf
> And am not able to access pptp from a remote location (i.e. on the WAN 
> side of the firewall). I've done a port scan with nmap on the WAN side 
> and all ports are blocked and it in fact doesn't even respond to a 
> ping - which I'm guessing is the default behavior. On the LAN side 
> port 1723 (i.e. the pptp port) is open and I was able to connect to 
> pptp using the standard Windows XP built in client. I have the "pptp 
> -> any rule" as described in the pdf. Does anybody have any 
> suggestions for allowing me to remotely access pptp (i.e. through the 
> WAN interface)?
> I have enabled all ports on the wan side with a wan rule of * * * * * 
> and that didn't do anything to allow access to pptp from the WAN side.
> Or, if this is an egregious security error could somebody please 
> suggest a better alternative for remote access to the LAN.
> Thanks for the help
> Matthew