Topic: 1.3b10 PPTP Server issues, Take 2  (Read 2165 times)
« on: March 11, 2008, 22:22:13 »
scaron *
Posts: 3

In case I have violated this forum's etiquette in my previous post, here is a second attempt at describing this bug.

The basic configuration is simple: a Windows XP client protected by a 1.3b10 m0n0wall tries to establish a PPTP link to another 1.3b m0n0wall.

Diagram:

PPTP Client --->    m0n0wall  -->  Internet   <-- m0n0wall
IP 10.1.2.3______10.0.0.1__x.y.z.1 >------< a.b.c.d___192.168.1.1

For the sake of this test, the m0n0wall directly connected to the PPTP client is always version 1.3b10.

The PPTP server configuration on the 1.3b10 box is "Redirect to 10.4.5.6".


I have reinstalled version 1.3b7 on a second box to make sure that I am not using the current MPD 4.4 (since 1.3b8). There are three network cards on that box: LAN is 192.168.1.1/24, OTHER is 192.168.33.1/24 and WAN is a static private IP.

The PPTP server configuration on the 1.3b7 box is:

Server address  192.168.2.216
Remote address range  192.168.2.224 /28 (16 addresses)
No RADIUS server is specified.
"Require 128-bit encryption" is checked
There is a single user configured on the "Users" tab.

The firewall configuration for the PPTP segment is:
"*  PPTP clients  *  *  *  Default PPTP Clients -> any   "
which basically accepts anything from the PPTP client.

If I disable PPTP redirection on the 1.3b10 m0n0wall protecting the Windows XP client, the PPTP link goes up and the Windows XP client can ping 192.168.1.1, 192.168.2.216, and 192.168.33.1. The relevant part of the system log showing the PPTP link going up is:


Mar 11 16:33:16 m0n0wall mpd: [pt0] IFACE: Up event
Mar 11 16:33:16 m0n0wall mpd: [pt0] setting interface ng1 MTU to 1500 bytes
Mar 11 16:33:16 m0n0wall mpd: [pt0] exec: /sbin/ifconfig ng1 192.168.2.216 192.168.2.224 netmask 0xffffffff -link0
Mar 11 16:33:16 m0n0wall mpd: [pt0] no interface to proxy arp on for 192.168.2.224
Mar 11 16:33:16 m0n0wall mpd: [pt0] exec: /sbin/route add 192.168.2.216 -iface lo0
Mar 11 16:33:16 m0n0wall mpd: [pt0] exec: /usr/local/sbin/vpn-linkup ng1 inet 192.168.2.216 192.168.2.224 admin 
Mar 11 16:33:16 m0n0wall mpd: [pt0] IFACE: Up event


When I enable PPTP redirection on the 1.3b10 m0n0wall, the Windows XP client can no longer connect to the 1.3b7 box (error 619). A network trace shows that the GRE traffic required to establish the link (LCP) leaves the Windows XP client and the 1.3b7 m0n0wall server never responds.

However, in this condition, the Windows XP client can connect to, for example, Windows PPTP servers (2000 and 2003 were tested). The 1.3b10 box has no issue processing the returning GRE traffic from these servers.

Replacing the remote 1.3b7 with a 1.3b9 or 1.3b10 has no impact on the issue. However, pings to 192.168.1.1, 192.168.2.216 and 192.168.33.1 are logged as blocked in the firewall log, and so is the DNS traffic from the PPTP client to 192.168.1.1, which replaced the DNS server of the client on linkup.

Regards,

Serge Caron



« Last Edit: March 11, 2008, 22:54:12 by scaron »
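
Added example (not part of the original post and not m0n0wall code): a Python check for the symptom described above, where LCP over GRE leaves the client and nothing comes back from the server. It parses the PPTP enhanced GRE header as defined in RFC 2637; the addresses, call ID and packets are constructed, and it assumes the trace has already been reduced to (source IP, GRE bytes) pairs.

```python
import struct

PPTP_GRE_PROTO = 0x880B      # enhanced GRE protocol type (RFC 2637)
PPP_LCP = 0xC021             # PPP protocol number for LCP
LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
             4: "Configure-Reject", 5: "Terminate-Request", 6: "Terminate-Ack"}

def parse_pptp_gre(data):
    """Parse one PPTP GRE packet (IP header already stripped)."""
    if len(data) < 8:
        raise ValueError("truncated GRE header")
    f0, f1, proto, plen, call_id = struct.unpack("!BBHHH", data[:8])
    if (f1 & 0x07) != 1 or proto != PPTP_GRE_PROTO:
        raise ValueError("not PPTP enhanced GRE (version 1, type 0x880B)")
    has_seq, has_ack = bool(f0 & 0x10), bool(f1 & 0x80)   # S and A bits
    off = 8 + 4 * has_seq + 4 * has_ack
    if len(data) < off + plen:
        raise ValueError("truncated GRE packet")
    seq = struct.unpack("!I", data[8:12])[0] if has_seq else None
    ppp = data[off:off + plen]
    if ppp[:2] == b"\xff\x03":       # address/control bytes, sent until ACFC is negotiated
        ppp = ppp[2:]
    lcp = None
    if len(ppp) >= 3 and ppp[:2] == struct.pack("!H", PPP_LCP):
        lcp = LCP_CODES.get(ppp[2], "code %d" % ppp[2])
    return {"call_id": call_id, "seq": seq, "lcp": lcp}

def lcp_by_sender(trace):
    """trace: iterable of (src_ip, gre_bytes) -> {src_ip: [LCP message names]}."""
    seen = {}
    for src, raw in trace:
        name = parse_pptp_gre(raw)["lcp"]
        if name:
            seen.setdefault(src, []).append(name)
    return seen

def lcp_unanswered(trace, client, server):
    """True when the client sent LCP over GRE and the server sent none back."""
    seen = lcp_by_sender(trace)
    return bool(seen.get(client)) and not seen.get(server)

def sample_lcp(code, call_id, seq, ident):
    """Constructed packet: LCP message carrying one magic-number option."""
    lcp = struct.pack("!BBH", code, ident, 10) + bytes.fromhex("050612345678")
    ppp = b"\xff\x03" + struct.pack("!H", PPP_LCP) + lcp
    return struct.pack("!BBHHHI", 0x30, 0x01, PPTP_GRE_PROTO, len(ppp), call_id, seq) + ppp

CLIENT, SERVER = "198.51.100.1", "203.0.113.10"   # constructed documentation addresses
SAMPLE_TRACE = [(CLIENT, sample_lcp(1, 42, n, n)) for n in range(3)]  # requests only
```

Running the same check on captures taken on each side of the redirecting firewall shows whether the Configure-Requests are lost before the server or the replies are lost on the way back.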
 