Topic: pptp redirect towards a windows server.  (Read 8183 times)
« on: April 24, 2007, 17:02:20 »
mariog *
Posts: 7

Hello
I have a Windows 2003 server with remote access enabled to do VPN.
I want to 'port forward' or something similar in m0n0wall to allow users to connect via VPN, but I can't manage to configure m0n0wall for this.

I have set up the internal IP address of the server in the PPTP redirect box, but I don't even see firewall logs for this redirection.
I really don't know what to do... I have looked everywhere and tried everything.
From Windows I get an 800 error.
If anyone can give some hints or links, I'll be grateful.
thank you
« Reply #1 on: April 25, 2007, 03:35:19 »
cmb *****
Posts: 851

What you did is correct. That forwards the appropriate ports and protocols to your internal server, though you can't see it in the NAT or rules shown in the GUI (check status.php for the full ruleset).

I've never heard of an 800 error, I would check your server configuration.
« Reply #2 on: April 26, 2007, 10:06:42 »
Gin *
Posts: 7

I advise you to go step-by-step:
1) You should check if your PPTP server is properly configured. Try to make a connection from a local NET PC.
2) Make sure that you entered your local PPTP server address in m0n0's VPN PPTP configuration field "Redirect incoming PPTP connections to:"
3) Make sure that you entered NAT rules for port 1723 (TCP) (you can check the box for log if you like) and GRE (47 prot.) packets on WAN. Check "Auto-add a firewall rule to permit traffic through this NAT rule"; this will automatically create firewall rules for you.

« Reply #3 on: April 26, 2007, 20:33:03 »
cmb *****
Posts: 851

> 3) Make sure that you entered NAT rules for port 1723 (TCP) (you can check the box for log if you like) and GRE (47 prot.) packets on WAN. Check "Auto-add a firewall rule to permit traffic through this NAT rule"; this will automatically create firewall rules for you.

The first two steps are fine, but don't do this. For one, it's entirely unnecessary. It's done automatically when you configure it to forward to your internal server. Second, you can't NAT GRE anyway unless it's a 1:1 NAT'ed host.
« Reply #4 on: April 26, 2007, 23:06:55 »
darklogic *
Posts: 45

I am assuming you used the add and remove role feature in Windows Server. Did you set the VPN to use dial-in or a broadband connection? Also, do you have this sitting on a domain with the intent to use Windows authentication? If so, make sure that the user account that you will be using from Active Directory is set to allow dial-in.
« Reply #5 on: April 27, 2007, 15:26:20 »
Gin *
Posts: 7


> The first two steps are fine, but don't do this. For one, it's entirely unnecessary. It's done automatically when you configure it to forward to your internal server. Second, you can't NAT GRE anyway unless it's a 1:1 NAT'ed host.

Yes, that's right, you can't NAT GRE - you just need to open it on the firewall. Regarding firewall rules for PPTP: if they are included automatically when you do redirecting to an intranet PPTP server - that's fine. But my experience from prior m0n0 versions (some v1.0) was a little bit different. Later I made the decision to use m0n0's PPTP server, and the rules were inserted for me by m0n0wall. Anyway, these boxes work flawlessly except for an IPsec m0n0<->Windows problem: the tunnel is constantly dropped and re-established. (Sure, the boxes are upgraded to the latest version periodically.)
« Reply #6 on: May 02, 2007, 11:19:36 »
mariog *
Posts: 7

The PPTP server is working properly, because when I try to access it through something other than m0n0wall (ipcop) the connection can be made.
The deal is to replace ipcop with m0n0wall.
All the permissions are set fine; the user has the rights to access the VPN.
There's just a problem with the configuration of m0n0wall.
I have set up the IP address of the PPTP server in the redirect box in the webGUI.
As for the NAT, I have set "inbound" for the WAN interface. I do not know if I must choose something else.
I chose protocol TCP
external port range : 1723
nat IP: the address of the server
int port range : 1723

I see no option to log the NAT.
I have also manually opened ports for GRE, but I don't know if I must open a specific port on the WAN and LAN interfaces.
My GRE rules on WAN are:
Source : any
Port : any
destination : ip of pptp server
port: any

On the LAN interface the settings are the same. Still I can't connect.
Sometimes I can get in, but mostly I can't reach the server.
What could I do to troubleshoot and see where the connection is blocking?

thank you very much.
« Reply #7 on: May 02, 2007, 11:22:57 »
HairyMonster *
Posts: 18

As cmb said, take out all the rules and NATs that you've put in for 1723 and GRE - they will just screw it all up.

HM.
« Reply #8 on: May 02, 2007, 11:30:08 »
mariog *
Posts: 7

How do I remove rules that I do not see?
Sometimes I have chosen PPTP in the rules interface and they don't appear in the list of rules. How do I delete those?
In short... I just add the address of the server in the redirect box and then nothing else? Just to be sure...
thank you very much.
« Reply #9 on: May 03, 2007, 00:24:07 »
cmb *****
Posts: 851

You need to reset to defaults and start over. From what you have said I have no idea what you've attempted to do, and that's just the easiest way to get rid of all the crap you've attempted to enter that's wrong.

Then do nothing but this, with a clean config:

Go to VPN-> PPTP

Select "Redirect incoming PPTP connections to" and fill in the server IP in the PPTP redirection box. Click Save.

That's it. You're done.
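
For the "where is the connection blocking?" question raised in the thread, the following added example (not part of the original posts) runs the PPTP control handshake over TCP 1723, which is how a client outside the firewall would test the redirect. It follows the RFC 2637 message layout; the function names and the constructed sample reply are assumptions made for illustration. A valid reply shows only that the TCP 1723 leg works; GRE (protocol 47) is a separate path and is not tested here.

```python
import socket
import struct

PPTP_PORT = 1723        # TCP control channel; tunnelled data rides on GRE (IP protocol 47)
MAGIC = 0x1A2B3C4D      # PPTP magic cookie (RFC 2637)
MSG_LEN = 156           # Start-Control-Connection-Request and -Reply are both 156 bytes
HDR = ">HHIHH"          # length, message type, magic cookie, control type, reserved

def build_sccrq(hostname=b"probe"):
    """Build a Start-Control-Connection-Request (control message type 1)."""
    head = struct.pack(HDR, MSG_LEN, 1, MAGIC, 1, 0)
    # protocol version 1.0, reserved, framing caps, bearer caps, max channels, firmware
    body = struct.pack(">HHIIHH", 0x0100, 0, 3, 3, 0, 0)
    return head + body + hostname.ljust(64, b"\0") + bytes(64)

def parse_sccrp(data):
    """Parse a Start-Control-Connection-Reply (control message type 2)."""
    if len(data) < MSG_LEN:
        raise ValueError("short reply: %d bytes" % len(data))
    _, mtype, cookie, ctype, _ = struct.unpack(HDR, data[:12])
    if mtype != 1 or cookie != MAGIC or ctype != 2:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    version, result, error = struct.unpack(">HBB", data[12:16])
    host = data[28:92].split(b"\0", 1)[0].decode("ascii", "replace")
    # result code 1 means the server accepted the control connection
    return {"ok": result == 1, "result": result, "error": error,
            "version": version, "hostname": host}

def probe(host, port=PPTP_PORT, timeout=5.0):
    """Run the control handshake against host; raises OSError if TCP 1723 is blocked."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sccrq())
        data = b""
        while len(data) < MSG_LEN:
            chunk = s.recv(MSG_LEN - len(data))
            if not chunk:
                break
            data += chunk
    return parse_sccrp(data)

def constructed_reply(result=1, hostname=b"vpnserver"):
    """Constructed sample reply so the parser can be exercised offline."""
    head = struct.pack(HDR, MSG_LEN, 1, MAGIC, 2, 0)
    body = struct.pack(">HBBIIHH", 0x0100, result, 0, 3, 3, 1, 0)
    return head + body + hostname.ljust(64, b"\0") + bytes(64)

if __name__ == "__main__":
    print(parse_sccrp(constructed_reply()))
```

Call `probe()` with the firewall's WAN address from an outside host, then with the server's LAN address from inside; a timeout or refusal on the first but not the second points at the redirect rather than the server.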