 
 From:  Eternal Security <veptune at wanadoo dot fr>
 To:  Falcor <falcor at netassassin dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Re: [m0n0wall] Problem with PPTP VPN (problem of newbie :)
 Date:  Fri, 11 Jun 2004 18:50:38 +0200 (CEST)
Thank you for the help!



> Message of 11/06/04 17:36
> From: "Falcor" <falcor at netassassin dot com>
> To: veptune at wanadoo dot fr
> Subject: Re: [m0n0wall] Problem with PPTP VPN (problem of newbie :)
> 
> You can't use the same network on both sides.  You could do this with 
> IPSEC, but not with PPTP.
> 
> Set one network as 192.168.1.0/24
> Set one network as  192.168.2.0/24
> 
> Currently both your networks are 192.168.0.0/24, which still won't 
> work.   Remember you are trying to build a route between two networks.  
> To do that you need two different networks.
> 
> E.g. These are all valid network setups:
> 192.168.0.0/24 and 10.10.10.0/24
> 192.168.0.0/24 and 192.168.1.0/24
> 10.10.10.0/24 and 10.10.11.0/24
> 
> All you need are two different networks, that do not overlap, and of 
> course be kind and use only the non-routable networks as defined by 
> RFC.  E.g. 192.168.x.x 10.x.x.x 127.x.x.x
> 
> 
> 
> Eternal Security wrote:
> 
> >Hello !
> >
> >Thanks for your answer, I solved the problem when I changed the network of my VPN users to 192.168.1.0/24
> >
> >But now I have this config:
> >
> >
> >			VPN user (local address 192.168.0.0/24, VPN address 192.168.1.192/28)
> >					|
> >					|
> >					|
> >				router of customer (named router 2)
> >					|
> >					|
> >					|
> >				     INTERNET
> >					|
> >					|
> >					|
> >					|-wan interface : public address
> >				   m0n0wall
> >					|-lan interface : 192.168.0.1
> >					|
> >					|
> >				 192.168.0.0/24 network
> >
> >
> >
> >If a VPN user wants to ping 192.168.0.2, his local workstation will send the packet on the LAN of the foreign network, not on the PPTP connection (as you said), but how to solve it?
> >
> >
> >
> >
> >  
> >
> >>Message of 10/06/04 22:13
> >>From: "Falcor" <falcor at netassassin dot com>
> >>To: veptune at wanadoo dot fr
> >>Subject: Re: [m0n0wall] Problem with PPTP VPN (problem of newbie :)
> >>
> >>Um, unless you forgot to mention how you reprogrammed the default and 
> >>other route rules on the workstation here is your problem:
> >>
> >>Your machine is physically connected to a 10.0.0.0/8.  Your PPTP tunnel 
> >>is on a 192.168.0.192/28.  Traffic to and from that machine and the 
> >>192.168.0.0/24 network will work perfectly fine.  Traffic to the remote 
> >>10.0.0.0/8 network will not.  Why?  Well the local machine knows to send 
> >>all traffic for 10.0.0.0/8 to the local default router and not to the 
> >>PPTP socket.
> >>
> >>You could try to reset the default router on the machine to the PPTP 
> >>assigned address and see if that works.  (Or change / set a route rule 
> >>on the core/default router on the computer's network informing it that 
> >>the remote network is accessed via the PPTP assigned IP.)
> >>
> >>The best way to do this is to forgo the other router and the 
> >>192.168.0.0/24 network and use your 10.0.0.0/8 networks as separate /16 
> >>or /24 networks.  Then the machine would get the IP 10.0.0.1/24 (for 
> >>instance) PPTP of 10.0.1.1/24 and it would now know that 10.0.0.1/24 and 
> >>10.0.1.0/24 were two separate networks and would route accordingly. 
> >>
> >>
> >>
> >>Eternal Security wrote:
> >>
> >>    
> >>
> >>>Hello all.
> >>>
> >>>I have a big problem with my PPTP VPN.
> >>>
> >>>Here is my network:
> >>>
> >>>
> >>>
> >>>			VPN user (local address 10.0.0.0/8, VPN address 192.168.0.192/28)
> >>>					|
> >>>					|
> >>>					|
> >>>				router of customer (named router 2)
> >>>					|
> >>>					|
> >>>					|
> >>>				     INTERNET
> >>>					|
> >>>					|
> >>>					|
> >>>					|-interface wan : public address
> >>>				 m0n0wall
> >>>					|-interface lan : 192.168.0.1
> >>>					|
> >>>					|
> >>>				 192.168.0.0/24 network
> >>>					|
> >>>					|
> >>>					|-interface : 192.168.0.2
> >>>		    my router (named router 1)
> >>>					|-interface : 10.10.5.1
> >>>					|
> >>>					|
> >>>				  10.0.0.0/8 network
> >>>
> >>>
> >>>On monowall, I have a VPN using PPTP. User authentication is OK.
> >>>When a VPN user connects to the VPN, he gets an address in the range 192.168.0.192/28
> >>>
> >>>The VPN user can ping the LAN interface of monowall and it can ping 192.168.0.3, which is "the IP address the PPTP server should use on its side for all clients", but it can't ping 192.168.0.2!
> >>>And monowall can of course ping 192.168.0.2 (and 10.10.5.1)
> >>>
> >>>In my firewall rules, I allow all traffic from PPTP clients and from LAN.
> >>>
> >>>I have no trace in the firewall logs.
> >>>
> >>>I'm sure that the routing table of router 1 is OK.
> >>>
> >>>Do you know where the problem is?
> >>>
> >>>And I have another question: if this problem is solved, and if my VPN user is in a local network in the range 192.168.0.0/24, when he sends packets, I think they will go to the local network, not to the VPN :( , how to solve it?
> >>>
> >>>Thanks in advance for any help, sorry for my English, it is not my primary language.
> >>>
> >>>
> >>>---------------------------------------------------------------------
> >>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
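Added example, not part of the thread: a check for the overlap discussed above, plus the longest-prefix route lookup that explains why the client in the second layout sends 192.168.0.2 to its own LAN instead of the tunnel. The interface names, the client routing table and the renumbered 192.168.2.0/24 route are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

def overlapping_pairs(networks):
    """Return each pair of named networks whose address ranges overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in networks.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]

def egress(routes, destination):
    """Longest-prefix match over (cidr, interface) routes; None if no route."""
    dst = ipaddress.ip_address(destination)
    parsed = [(ipaddress.ip_network(cidr), iface) for cidr, iface in routes]
    matches = [(net, iface) for net, iface in parsed if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Second layout from the thread: client LAN and m0n0wall LAN share one range.
SECOND_LAYOUT = {
    "client_lan": "192.168.0.0/24",
    "vpn_pool": "192.168.1.192/28",
    "m0n0wall_lan": "192.168.0.0/24",
}

# Constructed client routing table for that layout (interface names are
# hypothetical): connected LAN, PPTP link, default route via the local router.
CLIENT_ROUTES = [
    ("192.168.0.0/24", "lan"),
    ("192.168.1.192/28", "pptp"),
    ("0.0.0.0/0", "lan"),
]

# Assumed fix: the m0n0wall LAN is renumbered to 192.168.2.0/24 and the client
# has a route to it through the tunnel.
FIXED_ROUTES = CLIENT_ROUTES + [("192.168.2.0/24", "pptp")]

if __name__ == "__main__":
    print("overlaps:", overlapping_pairs(SECOND_LAYOUT))
    # The connected /24 wins, so the packet never enters the tunnel.
    print("192.168.0.2 leaves via:", egress(CLIENT_ROUTES, "192.168.0.2"))
    print("192.168.2.2 leaves via:", egress(FIXED_ROUTES, "192.168.2.2"))
```
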