 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Using VPN PPTP over WAN
 Date:  Sun, 14 Nov 2010 23:20:24 -0500
On Sun, Nov 14, 2010 at 11:11 PM, Victor Di Girolamo
<digirolamo dot victor at gmail dot com> wrote:
> Hi,
> I am trying to set the built-in PPTP VPN server to work over WAN.
> Fast look at my config:
> WAN interface - using PPPoE. Rules:
>   block - proto(*) / source(RFC 1918 networks) / port(*) / Destination(*) / port(*)
>   pass - proto(TCP) / source(*) / port(*) / Destination(** / port(1723)
>   pass - proto(GRE) / source(*) / port(*) / Destination(** / port(*)
>   ** I also tried my external IP and any(*) instead of the LAN address, not working
> LAN interface - using rules:
>   pass - proto(*) / source(LAN Subnet) / port(*) / Destination(*) / port(*)
>   I also tried to add the TCP 1723 and GRE rules under the LAN interface, not working
> WiFi interface - using rules:
>   pass - proto(*) / source(WiFi Subnet) / port(*) / Destination(*) / port(*)
> PPTP VPN:
>   pass - proto(*) / source(*) / port(*) / Destination(*) / port(*)
> I know the server is well set because I can establish a connection from the LAN and WiFi
> interfaces. But when I try to connect from the WAN side using an iPhone or a Windows 7 client,
> the connection drops at "verifying username and password" (status of the Windows client), and
> I get error 619. Also, I checked the "log packets" box for each rule I set and I can find any
> activity of these in the log. I tried a lot of configurations on the rules and the NAT
> settings but nothing seems to work.
> Does anyone know the right rules configuration for using the built-in PPTP server over WAN?

There isn't a way to get it wrong; the rules for GRE and TCP 1723 are
added automatically and cannot be overridden.

619 means a problem with the firewall or NAT device the client is
behind. For the iPhone if you're using 3G, depending on your provider,
many of them NAT phones and do not NAT GRE, hence PPTP is impossible.
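
An added example, not part of the original message: a check over raw IPv4 packets captured on the server's WAN side that flags clients whose TCP 1723 control connection arrives without any GRE (IP protocol 47), which is the pattern the reply attributes to a NAT device that does not pass GRE. The addresses, sample packets and function names are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_CONTROL_PORT = 1723  # TCP control channel; the tunnel data itself is GRE

def classify(packet: bytes):
    """Return (source_ip, kind) for a raw IPv4 packet; kind is 'control', 'gre' or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None, None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    src = socket.inet_ntoa(packet[12:16])
    proto = packet[9]
    if proto == IPPROTO_GRE:
        return src, "gre"
    if proto == IPPROTO_TCP and len(packet) >= ihl + 4:
        _sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if dport == PPTP_CONTROL_PORT:
            return src, "control"
    return src, None

def diagnose(packets):
    """Map each client that opened the control channel to 'ok' or 'gre-missing'."""
    seen = defaultdict(set)
    for pkt in packets:
        src, kind = classify(pkt)
        if kind:
            seen[src].add(kind)
    return {ip: ("ok" if "gre" in kinds else "gre-missing")
            for ip, kinds in seen.items() if "control" in kinds}

def ipv4(src, dst, proto, payload):
    """Build a constructed IPv4 packet (checksum left at zero; it is not validated here)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

SERVER = "203.0.113.1"  # documentation-range addresses, constructed sample
tcp_1723 = struct.pack("!HH", 50000, PPTP_CONTROL_PORT) + b"\x00" * 16
gre = b"\x30\x01\x88\x0b" + b"\x00" * 8  # constructed GRE payload, contents not parsed
SAMPLE = [
    ipv4("198.51.100.10", SERVER, IPPROTO_TCP, tcp_1723),
    ipv4("198.51.100.10", SERVER, IPPROTO_GRE, gre),
    ipv4("198.51.100.77", SERVER, IPPROTO_TCP, tcp_1723),  # control only, no GRE
]

if __name__ == "__main__":
    for ip, verdict in diagnose(SAMPLE).items():
        print(ip, verdict)
```

A 'gre-missing' verdict only says that no GRE from that client reached the capture point; where on the path it was dropped has to be established separately.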