 From:  "Justin W. Pauler" <jwpauler at air dash q dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] [pptp] problem connecting from XP clients behind firewall/NAT
 Date:  Mon, 24 May 2004 10:01:11 -0500

If you will, let me throw my two cents in...

I've had the EXACT same problem for the past two nights. At work, via the
LAN port, my VPN worked just fine (I was only testing in this situation),
but at home, connecting via the WAN port, I got nothing. Turns out, at home,
my Linksys BEFSR81 had the "PPTP Pass Through" setting set to DISABLE;
therefore, only parts of the PPTP handshake were leaving the local network.
After changing that variable, PPTP works great!

Good luck.

Justin W. Pauler
Network Administrator
Air-Q WiFi Corporation
E-Mail: jwpauler at air dash q dot com
WWW: http://www.air-q.com
Phone: (225) 923-1034 x87
Fax: (225) 923-1036 
AIM: AirQ Support

> -----Original Message-----
> From: Fred Wright [mailto:fw at well dot com] 
> Sent: Sunday, May 23, 2004 9:58 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] [pptp] problem connecting from XP clients behind firewall/NAT
>
> On Sun, 23 May 2004, Gianluca Bosco wrote:
> > I have enabled the PPTP server on m0n0 1.0, and I'm experiencing a problem
> > connecting from XP VPN clients behind a NAT/firewall over which I have no
> > control.
> > 
> > Specifically, from the VPN clients I'm able to establish a first connection,
> > but when it comes to the authentication (user/password), XP reports a 619
> > error, stating that " ... the port was disconnected ...".
> > 
> > My feeling is that while the vpn clients can open a connection on 1723 to
> > the m0n0 PPTP server, they cannot accept a second connection coming from the
> > PPTP server itself, since the firewall is blocking it (GRE?).
> > 
> > Is there any workaround for this problem?
>
> The short answer is no.  PPTP is one of the most NAT-unfriendly protocols
> ever invented.  I suspect some guys at Microsoft lay awake nights trying
> to figure out how to outdo the NAT unfriendliness of active-mode FTP, and
> they succeeded. :-)
>
> *If* you have control of the NAT router, then the particular case where
> you want *one* LAN client to work and don't care about incoming PPTP, then
> it can be made to work via NAT redirection.  Otherwise, forget it.
>
> The only complete solution would be a smart PPTP proxy on the router.
> 					Fred Wright
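
A capture-side check for the symptom discussed in this thread, added here as an example and not posted by anyone in the thread: it sorts raw IPv4 packets into the PPTP control connection (TCP 1723) and the GRE data channel (IP protocol 47, enhanced GRE per RFC 2637) and reports which half was visible at the capture point. The addresses, sample packets, function names and verdict strings are constructed for illustration.

```python
import struct

TCP, GRE, PPTP_PORT, PPP_OVER_GRE = 6, 47, 1723, 0x880B
CLIENT, SERVER = "192.0.2.10", "198.51.100.1"  # constructed documentation addresses

def classify(pkt):
    """Return ('control'|'gre', src, dst) for a raw IPv4 PPTP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (12, 16))
    body = pkt[ihl:]
    if proto == TCP and len(body) >= 4:
        sport, dport = struct.unpack("!HH", body[:4])
        if PPTP_PORT in (sport, dport):
            return ("control", src, dst)
    if proto == GRE and len(body) >= 8:
        flags, ptype = struct.unpack("!HH", body[:4])
        # PPTP data uses enhanced GRE: version 1 in the low 3 bits, type 0x880B
        if flags & 0x0007 == 1 and ptype == PPP_OVER_GRE:
            return ("gre", src, dst)
    return None

def diagnose(packets, client, server):
    """Report which half of PPTP was visible at the capture point."""
    seen = {c for c in map(classify, packets) if c}
    if not {("control", client, server), ("control", server, client)} <= seen:
        return "no-control-channel"
    out, back = ("gre", client, server) in seen, ("gre", server, client) in seen
    if out and back:
        return "tunnel-ok"
    if out:
        return "gre-replies-missing"
    return "gre-outbound-missing" if back else "gre-absent"

def ip_packet(src, dst, proto, payload):
    """Build a constructed IPv4 packet (checksum left at 0, not validated here)."""
    addr = lambda a: bytes(map(int, a.split(".")))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, addr(src), addr(dst))
    return hdr + payload

def tcp_stub(sport, dport):
    return struct.pack("!HH", sport, dport) + bytes(16)  # ports + zeroed rest

GRE_DATA = struct.pack("!HHHHI", 0x3001, PPP_OVER_GRE, 0, 1, 0)  # K+S set, ver 1
# Constructed capture: control channel both ways, GRE leaving but never returning
SAMPLE = [ip_packet(CLIENT, SERVER, TCP, tcp_stub(1045, 1723)),
          ip_packet(SERVER, CLIENT, TCP, tcp_stub(1723, 1045)),
          ip_packet(CLIENT, SERVER, GRE, GRE_DATA)]
```

Feed it packets starting at the IP header (link-layer framing stripped) from a capture taken on each side of the NAT device; a control channel without GRE in both directions matches the 619 symptom described above.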