VPN

OK....banging my head against the wall on this one and wondering if anyone has any thoughts or ideas about this.

I've been running m0n0wall for years now and using PPTP and the built-in client on Windows XP to connect to my network via M0n0 wall.  The connection works flawlessly and I even access local clients in the network neighborhood for windows file sharing services as I have setup the mappings on in the lmhost file on the XP clients.

Here's the catch though....

I cannot print to a TCP/IP based Axis printer server when connecting via VPN / PPTP.  No problem printing when I'm physically on the network, but no dice otherwise.

I've switched the m0n0 wall firewall rule to allow all protocols and no restrictions as best I can tell. I also tried allowing fragmented packets.  All with no success.

Any ideas on this? Am I missing a client-side or m0n0wall configuration step to allow this type of traffic to flow? Or is this one of those things that just "won't work on PPTP"?

I haven't switched to IPSec yet because I need the NAT transversal to work since all of our PPTP clients connect from home NAT routers.

you did change your m0n0wall's LAN IP address from the default 192.168.1.1 to something less common (like 192.168.just about anything but 1.1) didn't you?

can you ping the print server's IP thru the PPTP tunnel ?

CS...

Well....actually, I still run the internal LAN IP on the .1.1 address space, but the VPN clients are all using different a different address space (i.e. 192.168.0.1) to avoid the NAT  Traversal issues.

So I don't see that actually being a problem.

And yeah, I can ping the print server, I can access the print servers web interface. I just can't successfully send a print job to the print server....

does the printer config on your Windows machine specify an actual IP for your print server or does it have to resolve a name of some kind?

CS...

an actual IP address

can you post your LAN and PPTP rules ?

CS...

very simple rules as attached

Does the printer have a correct gateway address?

Yup....gateway on the print server is correct.

 Any suggestions on a good way to trap the data flow between the client and the print server? Run a network sniffer?

What model of Print server is it.  I am starting to think along lines of maybe it's working using some kind of broadcast rather than direct IP which of course is not routable.

Axis 1610 print server for use with Canon printers.

I'm starting to think the same thing about it possibly being broadcast related.

It claims to use a direct IP and the print driver actually has IP of the print server specified in it...but hey...that doesn't always mean it's the whole story.

Gonna try and sniff out all the traffic via wireshark and see what I can see.

You can ping, but can't connect via TCP, sounds like a MTU issue then.  What MTU are the PPTP clients using?

I've never had any print problems via PPTP, I do all the time myself with HP and Brother IP printers.

Yeah, I checked that. Ran pings to find out where the fragmentation was happening and then dropped the MTU on the Windows XP clients well below that amount at 1300 (1370 is where it fragments). Still didn't change the problem...

 

Did you get around to trying 1.3b15 ?

CS...

Not yet.....hopefully can get that going tomorrow.