Hello,
I have a very simple PPTP setup.
When I have an end user connect via PPTP, they enjoy full access to my LAN. They can see everything on the LAN and, for that matter, the WAN as well: web surfing, telnet, email, IMAP, POP, VNC, you name it.
However, when I try to connect to them (to perform remote work on their machines via VNC or RDP), I get nowhere. Obviously I am missing something simple. I am using v1.11 and would INSTANTLY upgrade if a newer release addresses this issue.
Thanks for a wonderful product that has saved my behind multiple times!
-ryan
The m0n0wall is the router for this network.
LAN network IP is 172.16.2.196
PPTP network is 172.16.2.64/28
Routing table as follows:
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 172.16.100.254 UGSc 4 647 fxp0
127.0.0.1 127.0.0.1 UH 0 0 lo0
172.16/12 172.16.2.254 UGSc 1 21 dc0
172.16.2/24 link#2 UC 3 0 dc0
172.16.2.21 00:06:29:9c:e8:cb UHLW 0 39 dc0 1088
172.16.2.64 172.16.100.196 UH 1 474 ng1
172.16.2.64 00:a0:cc:54:50:67 UHLS2 0 0 dc0
172.16.2.65 172.16.100.196 UH 1 154 ng2
172.16.2.65 00:a0:cc:54:50:67 UHLS2 0 0 dc0
172.16.2.250 00:0d:93:9e:81:c3 UHLW 0 1774 dc0 870
172.16.2.254 00:00:0c:07:ac:01 UHLW 2 0 dc0 569
172.16.100/24 link#1 UC 4 0 fxp0
172.16.100.10 00:90:27:3e:8a:6b UHLW 1 23 fxp0 524
172.16.100.11 00:90:27:95:d5:f0 UHLW 0 5 fxp0 45
172.16.100.196 lo0 UHS 0 0 lo0
172.16.100.250 00:0d:93:9e:81:c2 UHLW 2 4 fxp0 866
172.16.100.254 00:d0:b7:68:a3:88 UHLW 5 0 fxp0 1198
Firewall Config as follows:
@1 pass out quick on lo0 from any to any
@2 pass out quick on dc0 proto udp from 172.16.2.196/32 port = 67 to any port = 68
@3 pass out quick on dc0 from 172.16.2.0/24 to 172.16.0.0/12
@4 pass out quick on dc0 from 172.16.0.0/12 to 172.16.2.0/24
@5 pass out quick on fxp0 proto udp from any port = 68 to any port = 67
@6 pass out quick on dc0 from any to any keep state
@7 pass out quick on fxp0 from any to any keep state
@8 block out log quick from any to any
@1 pass in quick on lo0 from any to any
@2 block in log quick from any to any with short
@3 block in log quick from any to any with ipopt
@4 pass in quick on dc0 proto udp from any port = 68 to 255.255.255.255/32 port = 67
@5 pass in quick on dc0 proto udp from any port = 68 to 172.16.2.196/32 port = 67
@6 pass in quick on dc0 from 172.16.2.0/24 to 172.16.0.0/12
@7 pass in quick on dc0 from 172.16.0.0/12 to 172.16.2.0/24
@8 block in log quick on fxp0 from 172.16.2.0/24 to any
@9 block in log quick on fxp0 proto udp from any port = 67 to 172.16.2.0/24 port = 68
@10 pass in quick on fxp0 proto udp from any port = 67 to any port = 68
@11 skip 2 in on dc0 from 172.16.0.0/12 to any
@12 skip 1 in on dc0 from 172.16.2.0/24 to any
@13 block in log quick on dc0 from any to any
@14 skip 1 in proto tcp from any to any flags S/FSRA
@15 block in log quick proto tcp from any to any
@16 block in log quick on dc0 from any to any head 100
@1 pass in quick from 172.16.2.0/24 to 172.16.2.196/32 keep state group 100
@2 pass in log quick from any to any keep state keep frags group 100
@17 block in log quick on fxp0 from any to any head 200
@1 pass in quick proto gre from any to 127.0.0.1/32 keep state group 200
@2 pass in quick proto tcp from any to 127.0.0.1/32 port = 1723 keep state group 200
@18 pass in log quick on ng1 from 172.16.2.64/28 to any keep state keep frags
@19 pass in log quick on ng2 from 172.16.2.64/28 to any keep state keep frags
@20 pass in log quick on ng3 from 172.16.2.64/28 to any keep state keep frags
@21 pass in log quick on ng4 from 172.16.2.64/28 to any keep state keep frags
@22 pass in log quick on ng5 from 172.16.2.64/28 to any keep state keep frags
@23 pass in log quick on ng6 from 172.16.2.64/28 to any keep state keep frags
@24 pass in log quick on ng7 from 172.16.2.64/28 to any keep state keep frags
@25 pass in log quick on ng8 from 172.16.2.64/28 to any keep state keep frags
@26 pass in log quick on ng9 from 172.16.2.64/28 to any keep state keep frags
@27 pass in log quick on ng10 from 172.16.2.64/28 to any keep state keep frags
@28 pass in log quick on ng11 from 172.16.2.64/28 to any keep state keep frags
@29 pass in log quick on ng12 from 172.16.2.64/28 to any keep state keep frags
@30 pass in log quick on ng13 from 172.16.2.64/28 to any keep state keep frags
@31 pass in log quick on ng14 from 172.16.2.64/28 to any keep state keep frags
@32 pass in log quick on ng15 from 172.16.2.64/28 to any keep state keep frags
@33 pass in log quick on ng16 from 172.16.2.64/28 to any keep state keep frags
@34 block in log quick from any to any
Firewall log is as follows (Y=Allowed, N=Denied):
N 11:19:28.794966 ng1 172.16.2.250 172.16.2.64 ICMP
N 11:19:27.795046 ng1 172.16.2.250 172.16.2.64 ICMP
N 11:19:26.795123 ng1 172.16.2.250 172.16.2.64 ICMP
N 11:19:25.795583 ng1 172.16.2.250 172.16.2.64 ICMP
N 11:19:24.795252 ng1 172.16.2.250 172.16.2.64 ICMP
Y 11:19:24.123669 ng2 68.87.73.242, port 53 172.16.2.65, port 2279 UDP
Y 11:19:24.123631 WAN 68.87.73.242, port 53 172.16.2.65, port 2279 UDP
Y 11:19:23.974590 ng2 172.16.2.196, port 53 172.16.2.65, port 2279 UDP
Y 11:19:23.900972 ng2 172.16.2.65, port 2279 172.16.2.196, port 53 UDP
Y 11:19:23.900768 WAN 172.16.100.196, port 7335 68.87.73.242, port 53 UDP
Y 11:19:23.900709 ng2 172.16.2.65, port 2279 68.87.73.242, port 53 UDP
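The following is an added worked example, not part of the post above and not m0n0wall or ipfilter code. It does two things with the material in the post: it parses the quoted firewall log format (Y/N verdict, timestamp, interface, source and destination with optional ports, protocol), and it walks the quoted "out" rules @1-@8 with ipfilter's first-match-quick semantics to show which rule a given packet lands on. Assumptions that are mine, not the post's: the names OUT_RULES, first_match, parse_log_line and explain_denied; that the denied ICMP entries on ng1 are packets leaving the box on ng1 (the log does not record direction); and that "keep state" can be ignored for those packets, since no state exists for a flow that was never passed in the other direction. Rule port qualifiers are kept; groups, heads and skip rules from the "in" list are not modelled.

```python
import ipaddress
import re
from typing import Optional

# The ipfilter "out" rules @1-@8 quoted in the post, reduced to the fields needed for
# first-match evaluation: action, interface, protocol, source net, destination net,
# source port, destination port (None = any). "keep state" is not modelled: a flow that
# was never passed in the opposite direction has no state entry, so for the denied ICMP
# packets in the log the static rules alone decide. (Constructed from the post's rules.)
OUT_RULES = [
    ("pass",  "lo0",  None,  "0.0.0.0/0",       "0.0.0.0/0",     None, None),  # @1
    ("pass",  "dc0",  "udp", "172.16.2.196/32", "0.0.0.0/0",     67,   68),    # @2
    ("pass",  "dc0",  None,  "172.16.2.0/24",   "172.16.0.0/12", None, None),  # @3
    ("pass",  "dc0",  None,  "172.16.0.0/12",   "172.16.2.0/24", None, None),  # @4
    ("pass",  "fxp0", "udp", "0.0.0.0/0",       "0.0.0.0/0",     68,   67),    # @5
    ("pass",  "dc0",  None,  "0.0.0.0/0",       "0.0.0.0/0",     None, None),  # @6
    ("pass",  "fxp0", None,  "0.0.0.0/0",       "0.0.0.0/0",     None, None),  # @7
    ("block", None,   None,  "0.0.0.0/0",       "0.0.0.0/0",     None, None),  # @8
]


def first_match(rules, iface: str, proto: str, src: str, dst: str,
                sport: Optional[int] = None, dport: Optional[int] = None):
    """Return (rule number, action) of the first rule that matches the packet.

    Every rule in the quoted ruleset carries "quick", so ipfilter stops at the first
    hit. Rule numbers are 1-based to line up with the @N labels in the post. With @8
    blocking everything, a packet always matches some rule.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, r_if, r_proto, r_src, r_dst, r_sport, r_dport) in enumerate(rules, 1):
        if r_if is not None and r_if != iface:
            continue
        if r_proto is not None and r_proto != proto.lower():
            continue
        if s not in ipaddress.ip_network(r_src) or d not in ipaddress.ip_network(r_dst):
            continue
        if r_sport is not None and r_sport != sport:
            continue
        if r_dport is not None and r_dport != dport:
            continue
        return n, action
    return None, None


# Log line shape used in the post: "N 11:19:28.794966 ng1 172.16.2.250 172.16.2.64 ICMP"
# or, with ports, "Y ... ng2 68.87.73.242, port 53 172.16.2.65, port 2279 UDP".
LOG_RE = re.compile(
    r"^(?P<verdict>[YN]) (?P<time>\S+) (?P<iface>\S+) "
    r"(?P<src>\d+(?:\.\d+){3})(?:, port (?P<sport>\d+))? "
    r"(?P<dst>\d+(?:\.\d+){3})(?:, port (?P<dport>\d+))? (?P<proto>\S+)$"
)


def parse_log_line(line: str) -> Optional[dict]:
    """Parse one m0n0wall-style log line into a dict; None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"]) if rec["sport"] else None
    rec["dport"] = int(rec["dport"]) if rec["dport"] else None
    return rec


# A few lines copied from the post's log (Y = allowed, N = denied).
SAMPLE_LOG = """\
N 11:19:28.794966 ng1 172.16.2.250 172.16.2.64 ICMP
Y 11:19:24.123669 ng2 68.87.73.242, port 53 172.16.2.65, port 2279 UDP
Y 11:19:23.900972 ng2 172.16.2.65, port 2279 172.16.2.196, port 53 UDP
"""


def explain_denied(log_text: str):
    """For every denied entry, report which "out" rule catches it under the assumption
    that the packet was leaving on the logged interface."""
    results = []
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None or rec["verdict"] != "N":
            continue
        n, action = first_match(OUT_RULES, rec["iface"], rec["proto"], rec["src"],
                                rec["dst"], rec["sport"], rec["dport"])
        results.append((rec["iface"], rec["src"], rec["dst"], rec["proto"], n, action))
    return results


if __name__ == "__main__":
    for iface, src, dst, proto, n, action in explain_denied(SAMPLE_LOG):
        print(f"{proto} {src} -> {dst} out on {iface}: first match @{n} {action}")
    # The reverse flow leaves on dc0 instead and is passed by @3.
    print(first_match(OUT_RULES, "dc0", "icmp", "172.16.2.64", "172.16.2.250"))
```

Run against the quoted rules, the LAN-to-PPTP ICMP packet leaving on ng1 falls through every interface-specific pass rule and lands on the catch-all @8 block, while the same flow in the other direction (out on dc0) is passed by @3. The value of evaluating a ruleset offline like this is that it points at the asymmetry (an interface with no pass-out rule of its own) before anything on the firewall is changed, and it keeps the eventual fix narrow: a pass rule scoped to the PPTP interfaces and the 172.16.2.64/28 range rather than a broad allow.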