On Fri, 13 Aug 2004, Herron, David S wrote:
> I appreciate hearing that what I've done is correct. I DO have the
> 'Enable advanced outbound NAT' turned on, and the table is empty. That
> was the only combination that did what I wanted - No NATing at all from
> the m0n0wall. You are correct in assuming that all NAT is done from our
> primary firewall.
>
> However, my problem still lingers - even with no NATing, the connection
> will not authenticate. Hmmmph!

Hmm... I presume you also have the routing entry I mentioned, since
otherwise you wouldn't get the return packets from the control
connection. Make sure m0n0wall's PPTP feature is turned off, since
otherwise it will divert the GRE packets.

I don't think explicitly allowing inbound GRE through m0n0wall should be
needed, since the first GRE packet should be outbound and create a state
entry, but it's worth a try if the above doesn't fix it.

If all else fails, you could look at packet traces. :-)

Fred Wright |
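
One way to read such a packet trace, as an added example that is not part of the original message: it counts PPTP control packets (TCP 1723) and PPTP GRE packets (IP protocol 47) by direction, so a trace with outbound GRE but no returning GRE stands out. The addresses, the inside network and all function names are assumptions, and the packets are constructed sample data.

```python
import ipaddress
import struct

PPTP_TCP_PORT = 1723                  # PPTP control connection
IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_GRE_PROTO = 0x880B               # protocol type in PPTP's enhanced GRE header

def classify(pkt):
    """Return (kind, src, dst, call_id) for a raw IPv4 packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    body = pkt[(pkt[0] & 0x0F) * 4:]
    src = ipaddress.ip_address(pkt[12:16])
    dst = ipaddress.ip_address(pkt[16:20])
    if pkt[9] == IPPROTO_TCP and len(body) >= 4:
        sport, dport = struct.unpack("!HH", body[:4])
        if PPTP_TCP_PORT in (sport, dport):
            return ("control", src, dst, None)
    if pkt[9] == IPPROTO_GRE and len(body) >= 8:
        flags, ptype, _plen, call_id = struct.unpack("!HHHH", body[:8])
        if flags & 0x7 == 1 and ptype == PPTP_GRE_PROTO:   # GRE version 1
            return ("gre", src, dst, call_id)
    return None

def summarize(packets, inside_net):
    """Count control and GRE packets; GRE is split by direction."""
    inside = ipaddress.ip_network(inside_net)
    out = {"control": 0, "gre_out": 0, "gre_in": 0, "first_gre": None}
    for pkt in packets:
        hit = classify(pkt)
        if hit is None:
            continue
        kind, src, _dst, _call_id = hit
        if kind == "control":
            out["control"] += 1
        else:
            direction = "out" if src in inside else "in"
            out["gre_" + direction] += 1
            out["first_gre"] = out["first_gre"] or direction
    return out

def ipv4(src, dst, proto, payload):
    """Build a constructed IPv4 packet (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

# Constructed trace: control traffic both ways, GRE leaving but none returning.
CLIENT, SERVER = "192.168.1.10", "203.0.113.5"          # assumed addresses
GRE_HDR = struct.pack("!HHHH", 0x3001, PPTP_GRE_PROTO, 0, 7)
SAMPLE = [ipv4(CLIENT, SERVER, IPPROTO_TCP, struct.pack("!HH", 40000, 1723) + bytes(16)),
          ipv4(SERVER, CLIENT, IPPROTO_TCP, struct.pack("!HH", 1723, 40000) + bytes(16)),
          ipv4(CLIENT, SERVER, IPPROTO_GRE, GRE_HDR),
          ipv4(CLIENT, SERVER, IPPROTO_GRE, GRE_HDR)]
```

On the sample, `summarize(SAMPLE, "192.168.1.0/24")` shows control packets in both directions and GRE only outbound, which is the pattern to compare against a capture taken on each side of m0n0wall.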