News: This forum is now permanently frozen.
Pages: [1]
Topic: Multtiple PPTP clients behind a Monowall  (Read 4678 times)
« on: November 12, 2009, 21:38:17 »
woodyak *
Posts: 1

We are using a Monowall (version 1.232) firewall for our public network and we have multiple users that need to access a customer's PPTP VPN. None of the users are able to connect to this site using Microsoft's PPTP client from behind the MW, but they can all connect from home on their DSL/Cable modem connections. We have a pretty basic configuration with only a media router in front of the MW. It has one public IP address and is configured to allow everything going out. All other VPN clients (ipsec-based) work just fine behind the MW. Any ideas?
« Reply #1 on: November 13, 2009, 10:20:38 »
markb ****
Posts: 331

Do you have any restrictions on outgoing traffic?  Also, I think you will only be able to have 1 tunnel to the same end point at one time.  This is a limitation of the NAT in Monowall.
« Reply #2 on: November 27, 2009, 11:31:25 »
blanne *
Posts: 2

PPTP forwarding (GRE translation) is pretty basic functionality - standard on most standalone (hardware) router/firewalls with NAT (for which m0n0wall is supposed to be a drop-in replacement?). Isn't it about time m0n0wall added support for this? I understand that the problem is with the underlying freebsd firewall not supporting it yet, but it looks like possible solutions exist...

We just started using m0n0wall as our primary firewall at my workplace, and it was a bit of a surprise that Windows VPN stopped working!
« Reply #3 on: January 01, 2010, 22:35:10 »
mgraves *
Posts: 9

Just this week I upgraded my m0n0wall to v1.3. All is well in the transition.

I had thought that this new release was supposed to support multiple PPTP inside connections to a remote VPN server? Something related to NAT-T but I may be wrong about that. I've not been able to connect two clients to the same remote PPTP server.

I'd love to abandon PPTP for something more refined, but the remote server in at my employers HQ and beyond my control.

Michael
« Reply #4 on: January 03, 2010, 06:57:53 »
knightmb ****
Posts: 341

We are using a Monowall (version 1.232) firewall for our public network and we have multiple users that need to access a customer's PPTP VPN. None of the users are able to connect to this site using Microsoft's PPTP client from behind the MW, but they can all connect from home on their DSL/Cable modem connections. We have a pretty basic configuration with only a media router in front of the MW. It has one public IP address and is configured to allow everything going out. All other VPN clients (ipsec-based) work just fine behind the MW. Any ideas?
Just to clarify, you are connecting out from m0n0wall to another site with a VPN server? At least one connection should work, others that come in behind to the same server will not work.

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
« Reply #5 on: January 07, 2010, 04:58:58 »
cmb *****
Posts: 851

That's a limitation of the underlying ipnat's ability to NAT the GRE protocol. There is an update that adds that support, it didn't make 1.3 but maybe the next version.
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines