Topic: VPN connection Ipsec behind LAN interface for clients  (Read 5848 times)
« Reply #15 on: July 25, 2013, 20:20:30 »
Lee Sharp *****
Posts: 517

Your last post is correct.  Say you have 123.456.78.128/29 for external, and 129 is your gateway.  This gives you 5 IPs, so 4 extras are available.  Note, however, that most users will not actually need a real IP.  It is usually only when a company has several people in one hotel all trying to VPN in at once.

As for the bandwidth, open up SNMP on the WAN to your own office IP.  Install cacti, and monitor the bandwidth of all your hotels.  I am just glad they stopped pushing "zero IP config" so hard.  That is a mess...
« Reply #16 on: July 25, 2013, 21:11:18 »
dr01 **
Posts: 79

Zero IP is a disaster... but they still all want plug n play for their devices without having to make setting changes to their devices... it's crazy... Thank you for all your help on this... We have had this VPN issue using Monowall now for over 4 years running and nobody would give a straight answer... I do wish, though, that the CP HTML code could be written to add at sign-in an IP check box for a VPN user that will do all this NAT 1:1 stuff automatically for the guest...
« Reply #17 on: July 25, 2013, 21:29:57 »
dr01 **
Posts: 79

I am trying to figure out how to install cacti and it won't let me on my Windows based machine... none of the icons in the php files are recognized... any suggestions how to install this on my PC here? Thanks
« Reply #18 on: July 25, 2013, 21:38:42 »
Fred Grayson *****
Posts: 994

Do you have all of cacti's prerequisite dependencies installed? I don't think there will be much argument that Windows is not the best choice for this.

--
Google is your friend and Bob's your uncle.
« Reply #19 on: July 26, 2013, 04:03:08 »
Lee Sharp *****
Posts: 517

I have never installed it on Windows...  But Ubuntu is easy...  I use the 12.04 LTS because I hate frequent upgrades.

Use the instructions here...
https://www.digitalocean.com/community/articles/installing-the-cacti-server-monitor-on-ubuntu-12-04-cloud-server
Or here...
http://askubuntu.com/questions/148693/how-do-i-install-cacti
Or here...
https://help.ubuntu.com/community/Cacti

After installing the cacti backports ppa here...
https://launchpad.net/~micahg/+archive/ppa

(The ppa gives you the ability to add plugins like the aggregate graph.)
« Reply #20 on: August 05, 2013, 18:12:18 »
dr01 **
Posts: 79

Will this run on a Windows XP machine? So the only solution to the VPN issue is to use NAT 1:1 and there is no fix for Monowall software to allow any and all VPN traffic thru a single global IP when behind NAT???

thanks DR01
« Reply #21 on: August 07, 2013, 01:04:10 »
Lee Sharp *****
Posts: 517

We cannot fix other people's servers...  Let me give you the scenario.

Bob comes in, connects to the net and VPNs to the office.  The office sees his internet IP, and goes "Hi, Bob!  You are at 123.45.67.89!  Good to see you."

Now Ted comes in, connects to the net and VPNs to the office.  The office sees his internet IP, and goes "What are you doing, Bob?  You are already here..."  Click.

How do we fix that?
« Reply #22 on: August 07, 2013, 14:50:57 »
dr01 **
Posts: 79

I get all that, so I guess my question is how do companies like Nomadix and Valuepoint claim they can handle multiple VPN traffic plug and play behind their routers that they claim work in hotels?

any ideas?

The only idea I can come up with is using the sign-in page captive portal to add a feature or a check box that asks the user if they are going to need a VPN session... then if that box is checked, Monowall inside the software would perform a 1:1 NAT for their IP and session and then assign a usable static from the site's ISP pool to them. Then after that session expired, the 1:1 NAT info for them would be erased.


Do you think this is possible to add into the monowall software and integrate with the HTML code at CP sign in?

Thanks....
« Reply #23 on: August 09, 2013, 17:22:47 »
Lee Sharp *****
Posts: 517

That is how Nomadix does it.  And it could be added to CP, but it would be a lot of work.  Essentially you would need another server to go in with wget or curl to add that IP to 1 to 1 NAT, and remove it later.
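
An added example, not part of the original thread and not m0n0wall code: a small model of the office server that identifies a client by source IP alone (the Bob/Ted scenario above) together with the proposed portal-driven 1:1 NAT lease that expires with the session. All class and function names are hypothetical, the addresses are constructed from a documentation range, and it assumes a /29 with one gateway and one shared firewall address.

```python
import ipaddress

class PeerKeyedVpnServer:
    """Office VPN server from the thread: it identifies a client by source IP only."""
    def __init__(self):
        self.sessions = {}  # public source IP -> user holding that session
    def connect(self, user, src_ip):
        holder = self.sessions.get(src_ip)
        if holder is not None and holder != user:
            return False  # "What are you doing, Bob? You are already here..."
        self.sessions[src_ip] = user
        return True

class OneToOneNatPool:
    """Leases spare public IPs to guests who ask for VPN at portal sign-in."""
    def __init__(self, cidr, gateway, shared_ip):
        hosts = ipaddress.ip_network(cidr).hosts()
        self.free = [str(h) for h in hosts if str(h) not in (gateway, shared_ip)]
        self.shared_ip = shared_ip  # address every other guest is NATed to
        self.leases = {}            # guest LAN IP -> (public IP, expiry time)
    def expire(self, now):
        for lan_ip, (pub, exp) in list(self.leases.items()):
            if exp <= now:          # portal session over: erase the mapping
                del self.leases[lan_ip]
                self.free.append(pub)
    def lease(self, lan_ip, now, ttl):
        self.expire(now)
        if lan_ip in self.leases:
            pub = self.leases[lan_ip][0]   # renew the existing mapping
        elif self.free:
            pub = self.free.pop(0)
        else:
            return None                    # pool exhausted: guest stays on shared IP
        self.leases[lan_ip] = (pub, now + ttl)
        return pub
    def public_ip_for(self, lan_ip, now):
        self.expire(now)
        lease = self.leases.get(lan_ip)
        return lease[0] if lease else self.shared_ip

def demo():
    # Constructed addresses: documentation /29, .129 gateway, .130 firewall WAN.
    pool = OneToOneNatPool("203.0.113.128/29", "203.0.113.129", "203.0.113.130")
    office = PeerKeyedVpnServer()
    bob = office.connect("bob", pool.public_ip_for("192.168.1.10", 0))
    ted = office.connect("ted", pool.public_ip_for("192.168.1.11", 0))
    pool.lease("192.168.1.11", 0, 3600)   # Ted ticks the "I need VPN" box
    ted_retry = office.connect("ted", pool.public_ip_for("192.168.1.11", 1))
    return bob, ted, ted_retry
```

`demo()` returns `(True, False, True)`: Ted is refused while sharing Bob's address and accepted once he holds his own leased IP. With four spare addresses, a fifth simultaneous VPN guest gets `None` until a lease expires.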
« Reply #24 on: February 07, 2014, 00:37:57 »
dr01 **
Posts: 79

With the new 1.8.1 firmware, is this VPN client issue now fixed so you don't have to perform NAT 1:1 each time for each client?  Thanks
« Reply #25 on: February 07, 2014, 18:27:44 »
Lee Sharp *****
Posts: 517

Nope, we have still not fixed other people's VPN servers.  :)  However, with the known (and overblown) security issues with PPTP, fewer companies are using it, and the modern IPsec and SSL based VPNs don't have this limitation.
« Reply #26 on: February 07, 2014, 19:03:20 »
dr01 **
Posts: 79

That's good news... I only see the IPsec Cisco based client systems having issues currently. Others seem to be fine or don't call the help line to report their VPN issues.
« Reply #27 on: February 07, 2014, 19:10:25 »
Lee Sharp *****
Posts: 517

And that is the old Cisco VPN that is slowly phasing out.  It is looking up!  Now we just have to hope a bird is not flying directly above us. :)
 