Topic: Assign IP for PPTP user authenticating by RADIUS using m0n0wall as VPN Server
« on: January 17, 2008, 14:03:46 »
JohnJFowler
Posts: 18

Hi,

Is there any way of using m0n0wall to assign an IP address from the PPTP DHCP pool when configured to authenticate with a RADIUS server (in our case 2003 server)?

I can only see a similar option when using "local" PPTP users page, but do not wish to use this as it's another area to store user data.

Reason is I would like to set a specific IP address for engineers when "dialing-in" on the m0n0wall VPN, with firewall rules to allow specific engineers access to specific customer VPN tunnels they are permitted to work on by using the allocated IP address set from the PPTP connection.

Any info would be most welcome.
« Reply #1 on: January 17, 2008, 19:44:24 »
Manuel Kasper
Administrator
Posts: 364

Yes, that's possible. If you're using Microsoft IAS to authenticate users against Active Directory, you can set the static IP address per user via Active Directory Users and Computers ("Dial-in" tab). This will cause IAS to send a Framed-IP-Address attribute to m0n0wall's PPTP VPN server. In m0n0wall versions before 1.3b8, you also need to enable support for RADIUS assigned IP addresses on the PPTP VPN setup page. In 1.3b8 and up, this is always enabled.
« Reply #2 on: January 18, 2008, 09:17:07 »
JohnJFowler
Posts: 18

Hi Manuel,

Thank you for the info. Yes, we are using IAS under 2003 and the domain is in 2000 Native mode (which allows the use of adding IP addresses to users), but unfortunately I can't find any sections on the PPTP VPN Page for enabling RADIUS assigned IP Addresses on any of the m0n0walls used, so it just uses the relevant IP pool on the PPTP page to assign to a user.

I am currently using 1.22 in our live environment, and I've also got a 1.3b9 under test (but not on a domain).

I have attached a screenshot for each of the versions used to show you the settings available.

If we could assign the IP, it would open up a fantastic opportunity to continue with m0n0wall.

Thank you


Attachments: PPTP_1-3b9.gif, PPTP_1-22.gif
« Reply #3 on: January 18, 2008, 23:32:58 »
Manuel Kasper
Administrator
Posts: 364

> unfortunately I can't find any sections on the PPTP VPN Page for enabling RADIUS assigned IP Addresses on any of the m0n0walls used, so it just uses the relevant IP pool on the PPTP page to assign to a user.
>
> I am currently using 1.22 in our live environment, and I've also got a 1.3b9 under test (but not on a domain).

1.22 didn't have the RADIUS IP feature yet (it was introduced with 1.23b3), and in 1.3b9, it's always enabled, so there's no setting for it.

I'd upgrade the 1.22 live installation to 1.232 if I were you - also for all the bug fixes and security updates.
« Reply #4 on: January 19, 2008, 00:42:14 »
JohnJFowler
Posts: 18

Just upgraded live server to 1.232 and the option now exists!
I set an IP address on the RADIUS server to test, and behold the IP address I entered was allocated to my PPTP when authenticated! Fantastic!!

Only problem was I could not access the network, but I eventually found it was to do with firewall rules on PPTP.

I had a single basic rule of allowing "PPTP Clients" to everything, but the IP address I assigned on RADIUS was outside of the m0n0wall address/subnet on the PPTP VPN Page. Adding a new rule on PPTP for the new IP address I assigned on RADIUS then gave me access back again.

Looks like the rule "PPTP Clients" is an alias and refers only to the IP and subnet defined on the PPTP VPN page.

Anyway, it now opens up a whole new environment for using m0n0wall for limiting access for our engineers to customer sites! Absolutely fantastic!

Keep up the wonderful work on such a powerful product!
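
As an added illustration (not from the thread and not m0n0wall's own code), the sketch below parses a RADIUS Access-Accept as laid out in RFC 2865, extracts the Framed-IP-Address attribute mentioned in reply #1, and reports whether that address falls inside the PPTP client subnet that the "PPTP Clients" rule covers, the situation found in reply #4. The sample packets, the 192.168.50.0/28 subnet and all function names are constructed for the example.

```python
import ipaddress
import struct

ACCESS_ACCEPT = 2          # RADIUS packet code (RFC 2865)
FRAMED_IP_ADDRESS = 8      # attribute type (RFC 2865, section 5.8)
NAS_CHOOSES = (0xFFFFFFFF, 0xFFFFFFFE)  # reserved: user-negotiated / NAS picks from pool


def framed_ip(packet: bytes):
    """Return the Framed-IP-Address from an Access-Accept, or None."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    pos = 20                                   # skip the 16-byte authenticator
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        if atype == FRAMED_IP_ADDRESS:
            if alen != 6:
                raise ValueError("Framed-IP-Address must be 6 bytes")
            (raw,) = struct.unpack("!I", packet[pos + 2:pos + 6])
            return None if raw in NAS_CHOOSES else ipaddress.IPv4Address(raw)
        pos += alen
    return None


def rule_needed(packet: bytes, pptp_clients: str) -> str:
    """Say which PPTP firewall rule would have to match this session."""
    ip = framed_ip(packet)
    if ip is None:
        return "pool address: covered by the 'PPTP Clients' rule"
    if ip in ipaddress.ip_network(pptp_clients):
        return f"{ip}: static, inside the 'PPTP Clients' subnet"
    return f"{ip}: static, outside the subnet, needs its own rule"


def build_accept(ip=None):
    """Constructed sample packet: zeroed authenticator, optional attribute 8."""
    attrs = b"\x06\x06" + struct.pack("!I", 2)          # Service-Type = Framed
    if ip is not None:
        attrs += b"\x08\x06" + ipaddress.IPv4Address(ip).packed
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    for sample in (build_accept(), build_accept("192.168.50.10"), build_accept("10.99.0.5")):
        print(rule_needed(sample, "192.168.50.0/28"))
```

The sample packets carry a zeroed authenticator, so the sketch does not verify the Response Authenticator against a shared secret; it only shows how the attribute relates to the rule scope.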
 