 From:  "Greg Sims" <greg underscore sims at earthlink dot net>
 To:  "Magne Andreassen" <magne dot andreassen at bluezone dot no>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IPSEC from Dial-Up
 Date:  Tue, 21 Oct 2003 20:14:19 -0700
I gave your setup a try this evening.  Here's what I did:

On m0n0wall
	lan address range 192.168.0.1/24
	wan address 123.456.789.1 -- this is not a real ip
	enable PPTP server is selected
	server address: 192.168.0.127
	remote address range: 192.168.0.128/28
	RADIUS Server is Not selected
	128 bit encryption is Not selected
	Added One UserID and One Password
	All other fields on PPTP are default values (mostly blank)
	Added the following firewall rule
		proto=*, source=PPTP Clients, Port=*, Destination=*, Port=*, Frag=null


On WinXP
	created a PPTP Connection
	uses my Dial-Up ISP for Internet Connection
	target address is 123.456.789.1 (wan address of m0n0wall)

I was able to establish a connection with this setup but the performance is
very slow. I first tried to browse a web page inside the network but the
browser timed out.  I then tried to ping some of the addresses on the LAN
side of the m0n0wall (192.168.0.xx).  These pings resulted in timeouts 50%
of the time.  I also looked at the load averages on the system status page
of m0n0wall and they were all very low.  This seems to indicate I don't have
a hardware resource problem (cpu, memory, ...).

I hope someone can spot a configuration error of some sort as the PPTP
interface seems to be just what I'm looking for.  If I can just get past
this performance issue ...

Any help would be appreciated!  Greg




-----Original Message-----
From: Magne Andreassen [mailto:magne dot andreassen at bluezone dot no]
Sent: Tuesday, October 21, 2003 12:45 PM
To: 'Greg Sims'; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] IPSEC from Dial-Up


Greg Sims wrote:
> I need to configure m0n0wall so we can access the router
> while we're on the road using a dial-up account.  We would
> like to use IPSEC to provide a secure connection into the router.  Is
> this possible?
>
> I need to understand how to configure the following couple of fields
> in m0n0wall:
>
> 	Remote Subnet: ??
> 	Remote Gateway: ??
>
What kind of clients are you using? If windoze, then I would recommend
you consider using PPTP. Easy to set up both on your winbox and m0n0wall.
Only thing you need to do is enable PPTP server in m0n0wall, fill in the
server address and remote address range. If you are running a radius
server on your LAN (e.g. MS IAS), you get central management of your user
accounts. If not, use m0n0wall's built-in user account and add users to
it.
Now on your windoze machine, add a new network connection and choose
"Connect to a private network (VPN)" and fill in the IP address of
m0n0wall's WAN interface (or FQDN).
Checking "Require 128-bit encryption" on the PPTP properties page on
m0n0wall enables clients to use 128-bit encryption when connecting.
(unencrypted connections will not be accepted)

With this setup, you don't have to worry about remote subnet or gateway
since a client can connect via VPN from any IP as long as the username
and password are accepted.


Magne