 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] [Bug Report ?!] Configuration mismatch causing pptp connection failure.
 Date:  Sun, 12 Sep 2004 15:18:30 -0700 (PDT)
On Sat, 4 Sep 2004, Edward J wrote:

>    Last night, I set up m0n0 on 2 different desktops, one as a pptp server and
>    the other as a pptp client. Both sides configured, I found the client was
>    unable to connect to the server. The server was OK, because I could connect
>    to it through a pptp dial-up on my laptop running XP Pro. I looked up the
>    system log on the server for a while and found that during the pptp setup,
>    CCP was complaining it failed to negotiate required encryption and then, the
>    link went down. I suspected it's some kind of misconfiguration. So, I checked
>    the mpd.conf on both sides, and found compression settings were missing on the
>    client side. I added some lines like:
>              set bundle enable compression
>              set ccp yes mppc
>              set ccp yes mpp-e128
>              set ccp yes mpp-e56
>              set ccp yes mpp-e40
>              set ccp yes mpp-stateless
>    to the mpd.conf and restarted the mpd. It's now up and running happily.
>    So, I believe that might be a bug in the PHP-based configuration generating script.
>    Can someone fix it!?

It's not a bug, it's a deficiency. :-)

M0n0wall doesn't have PPTP VPN client support *at all*.  The PPTP client
support that it has is intended solely for use with DSL modems that
require PPTP.  Hence, all the configuration options are set up for that
case.  Many configurations would be completely incapable of using its
setup VPN-style, regardless of MPD settings.

Real PPTP VPN client support would need more flexibility than the
PPTP-to-modem case, but that's a whole new feature.  It would also
increase the need for fixing the conflict between the client and server
sides of PPTP.

In the particular case of a VPN between m0n0walls, you'd be better off
with IPsec, anyway.

					Fred Wright
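
The manual comparison of the two mpd.conf files described in the quoted report can be scripted. The following is an added example, not part of the original messages or of m0n0wall; the section labels and both sample configurations are constructed, and the server side is assumed to carry the same directives the poster added to the client.

```python
# Added example: list bundle/CCP directives one mpd.conf turns on and the other lacks.
WATCHED_LAYERS = {"bundle", "ccp"}
VERBS = {"yes", "no", "enable", "disable", "accept", "deny"}
ON = {"yes", "enable"}  # simplification: only these count as "we offer this option"

def negotiation_directives(conf_text):
    """Return {(layer, option): verb} for each 'set <layer> <verb> <option>...' line."""
    result = {}
    for raw in conf_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or comment
        if len(tokens) < 4 or tokens[0] != "set":
            continue  # section label or unrelated command
        layer, verb = tokens[1], tokens[2]
        if layer not in WATCHED_LAYERS or verb not in VERBS:
            continue
        for option in tokens[3:]:           # tolerate several options on one line
            result[(layer, option)] = verb  # a later line overrides an earlier one
    return result

def missing_on_client(server_conf, client_conf):
    """Directives the server turns on that the client does not."""
    server = negotiation_directives(server_conf)
    client = negotiation_directives(client_conf)
    return sorted(
        f"set {layer} {verb} {option}"
        for (layer, option), verb in server.items()
        if verb in ON and client.get((layer, option)) not in ON
    )

# Constructed sample input; only the 'set' lines come from the post.
SERVER_CONF = """
pptpd:
\tset bundle enable compression
\tset ccp yes mppc
\tset ccp yes mpp-e128
\tset ccp yes mpp-e56
\tset ccp yes mpp-e40
\tset ccp yes mpp-stateless
"""
CLIENT_CONF = """
pptp:
\t# generated client section without compression/encryption settings
"""

if __name__ == "__main__":
    for line in missing_on_client(SERVER_CONF, CLIENT_CONF):
        print("client lacks:", line)
```
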