VPN

I'm trying to create a PPTP connection to a remote office however it seems to get stuck on "verify username and password"

I've enabled GRE on the WAN interface but that doesn't seem to make a difference.


This is the setup i'm trying to get:

ME(PTTP Client)------->m0n0wall-------->Internet---------->Office Router(Cisco PPTP server)---------->Office LAN

An ethereal packet capture shows that it gets up to the point of creating the GRE tunnel but fails. It seems the windows client sends a PPP LCP config request but doesn't get anything back from the server.

I don't know whats wrong here, but it may just be a config problem.

Here are my firewall rules:
LAN: Allow any LAN -> *
WAN: Allow GRE * -> *

I have the same problem, but i connect pptp from modem connection it's work correctly.....

Have you tried disabling the firewall on your client computer entirely to see if it is related to client computers firewall?

Also, don't forget that if your client computer is on an internal address in the same range as the remote office, you will have traffic problems (i.e. the client is on 192.168.0.xxx range and your remote office is ALSO on 192.168.0.xxx range).

I think your problem might be something else, but make sure the above isn't causing the problem.

What is the PPTP client you are using? Microsoft's default client? I seem to recall that Cisco routers often have a propietary VPN client software...are you using that to connect? If not, you might want to poke around the Cisco site to see if they have a VPN client software for use with that router/pptp server you are trying to connect to.

You can only connect a single machine per public IP to a given external PPTP server, also could be your issue if some other machine is already connected and you NAT all your machines to your WAN IP.

Ok, however,

- The remote subnet is on a different ip range.
- the firewall in windows i turned off.
- cisco licensed the pptp technology to microsoft, and hence i do believe cisco has got it right. But yes, i am using the windows inbuilt pptp client.

And it used to work when i was using smoothwall.

I seem to remember that you should be able to route the GRE tunnel packets even if its through nat.

Yes, you can NAT GRE, but how well depends on what device the client is behind. GRE doesn't have ports at L4 to track connections like TCP and UDP do, and some NAT implementations, like ipfilter/ipnat which is what m0n0wall uses, can't track state on GRE connections for more than one simultaneous connection to a given PPTP server. Hence, if you already have one machine connected, you can't connect a second.

Try resetting the state table on m0n0wall and see if you can connect then. GRE also has a habit of sticking around in the state table longer than it should.

Lastly, if none of that works, are you seeing anything in your firewall log?

Nothing appears in the firewall log. I did enable logging for the GRE rule that i had on the wan interface and nothing seemed to match it.

I have tried resetting the NAT table and that didn't do anything.

Hi i have tried in all mode, but it doesnt work....

Work only from a public ip address...

and work if PPTP server is a W2K3 Server Microsoft... with the redirection PPTP protocol in the configuration mask.

i try with this conf:

ME(PTTP Client)------->Local m0n0wall-------->Internet---------->Remote m0n0wall (PPTP Server)----------> Remote Office LAN

have another idea

Bye Francesco

Did you checked MTU/MRU?

Yes i have tried but not working.... sob....