 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PPTP Problem
 Date:  Sun, 23 May 2004 20:10:58 -0700 (PDT)
On Sun, 23 May 2004, Julien wrote:
> Julien wrote:
> > Fred Wright wrote:
> >> On Sun, 23 May 2004, Julien wrote:
> >>
> >>> I have a problem with PPTP. First of all let me introduce my 
> >>> settings: My m0n0wall is at the moment only used as an access point, so 
> >>> I built in one wireless NIC (defined as WAN) for the (Host)AP and one 
> >>> Ethernet NIC for the connection. The LAN side is connected to the 
> >>> integrated switch of a DSL router, together with some 

> >>> can dial in via WLAN, authenticate via PPTP, use LAN resources and 

> >>> that the mobile clients can access the LAN but NOT the Internet, 
> >>> so it must be some kind of routing problem. I tried to set up a 
> >>> default route for the PPTP interface to the Internet with the 

> >>> use here?!?!) and the router's LAN interface as gateway. So, does 
> >>> anybody have an idea how to solve this? Thanks a lot ;-)
> >>
> >>
> >> Well, 0.0.0.0/32 only matches packets directed precisely to 0.0.0.0, so
> >> it's pretty useless. :-)
> >>
> >> There's no "clean" way to set this up, since m0n0wall doesn't allow for
> >> the possibility of having an external default gateway on the
> >> LAN.  Swapping LAN and WAN designations would fix this, but would have
> >> other problems.
> >>
> >> The only way I know of to do this is to manually edit the config.xml file
> >> to include the line
> >>
> >>     <shellcmd>route add default w.x.y.z</shellcmd>
> >>
> >> in the "system" section, where "w.x.y.z" should be the LAN IP of the DSL
> >> router.  I recommend putting it between the "timezone" and
> >> "timeservers" entries.
> >>
> >> Use the m0n0wall ping feature to verify that you can access the Internet
> >> from the m0n0wall itself, though note that if you want to use symbolic
> >> hostnames you'll need at least one correct DNS IP in the m0n0wall config.
> >>
> >> Outbound traffic from PPTP clients should then work as long as they see
> >> the m0n0wall as the default gateway, but routing the return traffic needs
> >> the DSL router to see the m0n0wall as the gateway to those machines, which
> >> can be done in one of three ways.
> >>
> >> 1) Use NAT to map the PPTP clients to a LAN IP.  Unfortunately, this would
> >> be "backwards NAT" in the current LAN/WAN setup, and I don't think it's
> >> possible.
> >>
> >> 2) Put the PPTP clients in a different subnet and add a static route entry
> >> to the DSL router to make that subnet reachable via the m0n0wall.  The
> >> latter may or may not be possible, depending on the router.
> >>
> >> 3) Put the PPTP clients on LAN IPs and have the m0n0wall do Proxy ARP for
> >> them.  Its current ProxyARP support isn't really set up for that case,
> >> though (and Proxy ARP should always be a last resort, anyway).
> >>
> >> Swapping LAN and WAN designations would allow #1, but would create a host
> >> of other problems.  Replacing the DSL router with another m0n0wall would
> >> allow #2.
> >>

> > Do I get shell access (boot parameter?) or remote access to edit the 
> > config.xml file?

Download it, edit it, upload it.  But I guess you figured that out.

> I figured this one out for myself *g* made the entry for the default 


I presume you were able to access the Internet from the m0n0wall itself
(e.g. via ping) after making the routing entry (and rebooting).

When you say "tried" 2 and 3, do you mean "tried" or "investigated"?  If
your DSL router allows you to make the routing entry, and you choose the
IP addresses appropriately, then I'd expect #2 to work.  I don't think you
can do #3 via the m0n0wall GUI, although you might be able to make it work
via some "arp" commands as "shellcmd" entries.

					Fred Wright
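As an added illustration (not part of Fred's message, and not m0n0wall code), the two routing points made in the thread checked with Python's ipaddress module: why a 0.0.0.0/32 "default" never matches Internet traffic, and what the address plan for option #2 has to satisfy before the DSL router's static route can work. All addresses below are constructed sample values.

```python
import ipaddress

# Constructed sample addresses for illustration; none of them come from the thread.
LAN_NET = "192.168.1.0/24"          # the DSL router's LAN side
DSL_ROUTER_IP = "192.168.1.1"       # the "w.x.y.z" that the shellcmd would use
M0N0WALL_LAN_IP = "192.168.1.2"     # next hop the DSL router must learn for the pool
PPTP_NET = "192.168.2.0/24"         # PPTP client pool in its own subnet (option 2)


def matching_route(dest, routes):
    """Longest-prefix match over (network, gateway) pairs, as a router does.

    Returns (network, gateway) of the most specific matching entry, or None
    when nothing covers dest, which is the fate of Internet-bound packets when
    the only 'default' route is 0.0.0.0/32."""
    dest = ipaddress.ip_address(dest)
    best = None
    for net_str, gw in routes:
        net = ipaddress.ip_network(net_str)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return None if best is None else (str(best[0]), best[1])


def check_option2(pptp_net, lan_net, router_ip, m0n0wall_lan_ip):
    """Sanity-check the address plan for option 2 and return the static route
    the DSL router needs as (destination, next hop).

    Raises ValueError when the plan cannot work: the PPTP pool overlaps the LAN
    (the router would treat those hosts as directly attached and ARP for them),
    or the router / m0n0wall are not both on the LAN the route points across."""
    pptp, lan = ipaddress.ip_network(pptp_net), ipaddress.ip_network(lan_net)
    router, m0n0 = ipaddress.ip_address(router_ip), ipaddress.ip_address(m0n0wall_lan_ip)
    if pptp.overlaps(lan):
        raise ValueError("PPTP pool overlaps the LAN; give the clients a separate subnet")
    if router not in lan or m0n0 not in lan:
        raise ValueError("DSL router and m0n0wall LAN IPs must both be inside the LAN")
    return str(pptp), str(m0n0)


if __name__ == "__main__":
    bogus = [("0.0.0.0/32", DSL_ROUTER_IP)]                   # the route that "does nothing"
    real = [("0.0.0.0/0", DSL_ROUTER_IP), (LAN_NET, None)]     # what 'route add default' gives
    print("with 0.0.0.0/32:", matching_route("198.51.100.7", bogus))   # None
    print("with 0.0.0.0/0: ", matching_route("198.51.100.7", real))    # ('0.0.0.0/0', '192.168.1.1')
    print("DSL router needs:", check_option2(PPTP_NET, LAN_NET, DSL_ROUTER_IP, M0N0WALL_LAN_IP))
```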