Topic: Simple VPN with m0n0wall in front of Internet
« on: April 30, 2011, 01:56:40 »
snip *
Posts: 2

Hi All,

First I would like to thank the m0n0wall community. I really appreciate your work and I'm a big fan of your product.

I need to secure access to a group of servers inside a datacenter. At the moment, I have a m0n0wall 1.33 and some public Internet IP addresses that I would like to put in front of the group of servers to make a VPN entry point to my servers.

I have done the following:
Wan : 195.7.102.37 (my Internet public IP address)
Lan : 192.168.9.50 (where my servers have a link as well, 192.168.9.201, 202, 203 etc...)

pptp server address : 192.168.9.70
pptp remote range : 192.168.9.0

When I try to connect with my Windows PPTP client, I actually see the connection attempt in the firewall state:
62.147.209.188    61794    195.7.102.37    1723    tcp    2    104    3:51

I have added a rule on the WAN interface to allow all incoming traffic:
Proto    Source    Port    Destination    Port    Description    
   *    *    *    *    *      

Same for the pptp "interface"
Proto    Source    Port    Destination    Port    Description    
   *    *    *    *    *      

I don't have anything in the firewall log. Actually, I'm logging everything, and when I try to connect, I don't see anything blocked or passed,
only these connections in the firewall state...

And of course, my client cannot connect.

Any idea what I'm doing wrong?

Thank you
« Last Edit: April 30, 2011, 02:05:23 by snip »
« Reply #1 on: April 30, 2011, 04:43:14 »
rpsmith ***
Posts: 113

pptp remote range : 192.168.9.0 is not valid.  Try something like:

pptp server address : 192.168.9.63
pptp remote range   : 192.168.9.64

Also, you might want to move your LAN address to something more conventional like 192.168.9.1 /24

Roy...
« Last Edit: April 30, 2011, 06:06:43 by rpsmith »
« Reply #2 on: April 30, 2011, 09:40:02 »
snip *
Posts: 2

Hello Rpsmith and thx.

Sadly I've just made all those changes, and it still doesn't work.

By the way, something I did not mention: when I try to connect to the PPTP on the LAN IP address of m0n0wall, it works. Just the WAN isn't working...

Also, when I telnet to the m0n0wall LAN on port 1723:
telnet 192.168.9.50 (or 192.168.9.1 now that I've made these changes) 1723 : it works

When I try to telnet to the public IP address on port 1723:
telnet 195.7.102.37 1723 : it doesn't work. Nothing is blocked in the firewall log, and still, there is a line on the firewall that shows the connection attempt...

I really cannot explain that =/
« Last Edit: April 30, 2011, 09:58:15 by snip »
« Reply #3 on: May 01, 2011, 05:12:09 »
rpsmith ***
Posts: 113

Have you contacted your ISP to see if they are blocking any ports or possibly the GRE protocol? Also, did you add or change any LAN rules?

Roy...
« Reply #4 on: May 31, 2011, 00:23:57 »
Luis de Escuderos *
Posts: 20

Alternative: VPN with IPsec.
The IPsec VPN is very secure, and it is not difficult to implement.

Also, mobile machines would need to load a client-side VPN like SafeNet SoftRemoteLT.
« Reply #5 on: May 31, 2011, 15:53:32 »
Јаневски ***
Posts: 153

Quote from: rpsmith on May 01, 2011, 05:12:09
Have you contacted your ISP to see if they are blocking any ports or possibly the GRE protocol? Also, did you add or change any LAN rules?

Roy...

Yes, I too believe that the problem lies in GRE.
However, quality ISPs usually won't block such protocols.
It could be a problem caused by some cheap SOHO router on the other end that allows only UDP/TCP, or maybe corporate equipment that won't allow GRE on purpose.
Try connecting from other locations.
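
An added example, not part of any post in this thread: PPTP needs both a TCP control connection on port 1723 and a GRE (IP protocol 47) tunnel, so a packet capture on the WAN interface shows which stage is missing. The capture lines are constructed in `tcpdump -n` style, and `diagnose` and its result labels are hypothetical names.

```python
import re

WAN_IP = "195.7.102.37"  # WAN address quoted in the thread
# Constructed `tcpdump -n`-style sample lines (not real captures).
SYN_ONLY = """\
10:00:01.000 IP 62.147.209.188.61794 > 195.7.102.37.1723: Flags [S], seq 1, length 0
10:00:04.000 IP 62.147.209.188.61794 > 195.7.102.37.1723: Flags [S], seq 1, length 0"""
HANDSHAKE = SYN_ONLY.splitlines()[0] + """
10:00:01.001 IP 195.7.102.37.1723 > 62.147.209.188.61794: Flags [S.], seq 9, ack 2, length 0
10:00:01.050 IP 62.147.209.188.61794 > 195.7.102.37.1723: Flags [.], ack 10, length 0"""
GRE_OUT_ONLY = HANDSHAKE + """
10:00:02.000 IP 195.7.102.37 > 62.147.209.188: GREv1, call 1, seq 0, length 40"""
FULL = GRE_OUT_ONLY + """
10:00:02.060 IP 62.147.209.188 > 195.7.102.37: GREv1, call 2, seq 0, length 40"""

# TCP lines carry "addr.port"; GRE lines carry bare addresses (GRE has no ports).
TCP_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")
GRE_RE = re.compile(r"IP (\S+) > (\S+): GREv1")

def diagnose(capture, wan_ip):
    """Return a label for the first PPTP stage missing from the capture."""
    seen = set()
    for line in capture.splitlines():
        tcp, gre = TCP_RE.search(line), GRE_RE.search(line)
        if tcp:
            src, sport, dst, dport, flags = tcp.groups()
            if (dst, dport, flags) == (wan_ip, "1723", "S"):
                seen.add("syn-in")        # client SYN reached the WAN side
            elif (src, sport, flags) == (wan_ip, "1723", "S."):
                seen.add("synack-out")    # firewall answered the SYN
        elif gre:
            seen.add("gre-in" if gre.group(2) == wan_ip else "gre-out")
    if "syn-in" not in seen:
        return "no-syn-on-wan"            # dropped upstream or wrong address
    if "synack-out" not in seen:
        return "tcp-1723-unanswered"      # SYN arrives, no reply leaves
    if "gre-in" not in seen:
        return "gre-missing-inbound"      # control works, client GRE never arrives
    if "gre-out" not in seen:
        return "gre-missing-outbound"
    return "control-and-gre-ok"

if __name__ == "__main__":
    for name, cap in [("SYN_ONLY", SYN_ONLY), ("HANDSHAKE", HANDSHAKE),
                      ("GRE_OUT_ONLY", GRE_OUT_ONLY), ("FULL", FULL)]:
        print(name, "->", diagnose(cap, WAN_IP))
```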