[ previous ] [ next ] [ threads ]
 From:  "Herron, David S" <DSHerron at nbc dot edu>
 To:  "Fred Wright" <fw at well dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] PPTP through m0n0 not authenticating
 Date:  Fri, 13 Aug 2004 16:13:25 -0600

Yes, the routing entry is in place, and m0n0wall's PPTP and IPSEC VPN
are both disabled.  The GRE rule I have tried with & without.... neither
seem to make a difference.  As for the packet trace, I'm not very
experienced in that area.... I appreciate all your help!  Hopefully
somebody will have an idea I haven't tried!


-----Original Message-----
From: Fred Wright [mailto:fw at well dot com] 
Sent: Friday, August 13, 2004 4:03 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] PPTP through m0n0 not authenticating

On Fri, 13 Aug 2004, Herron, David S wrote:

> I appreciate hearing that what I've done is correct.  I DO have the
> 'Enable advanced outbound NAT' turned on, and the table is empty.
> was the only combination that did what I wanted - No NATing at all
> the m0n0wall.  You are correct in assuming that all NAT is done from
> primary firewall.
> However, my problem still lingers - even with no NATing, the
> will not authenticate.  Hmmmph!

Hmm...  I presume you also have the routing entry I mentioned, since
otherwise you wouldn't get the return packets from the control
connection.  Make sure m0n0wall's PPTP feature is turned off, since
otherwise it will divert the GRE packets.

I don't think explicitly allowing inbound GRE through m0n0wall should be
needed, since the first GRE packet should be outbound and create a state
entry, but it's worth a try if the above doesn't fix it.

If all else fails, you could look at packet traces. :-)

					Fred Wright

To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch