Topic: PPTP traffic won't route to WAN  (Read 2040 times)
« on: June 12, 2007, 18:40:06 »
maclinwin *
Posts: 1

I've read every post on this subject and the manual, but I can't reach a WAN address when connected to the PPTP.

Split tunneling works fine if I enable it in my VPN client. If all traffic is routed through the PPTP connection, however, I have these symptoms:

Services: DNS Forwarder enabled:
Lookups to WAN addresses are SUCCESSFUL but browser times out opening pages.
Traceroute never clears the router LAN address (see logs below)
I can connect to the m0n0wall's web interface using its public IP while the DNS forwarder is on

Services: DNS Forwarder disabled:
Lookups FAIL, as do traceroutes (as in, they never even reach the LAN address of the router)
I CANNOT connect to the m0n0wall's web interface using its public IP.

Ideal setup would use DNS forwarding so that non-routable intranet websites on the LAN resolve via DNS name, so I'll start with those setup details, but keep in mind that even with DNS forwarding off, I still can't route to the WAN from a PPTP connection.

PPTP setup: Server address: 192.168.1.99 - a verified routable address on our subnet.

Firewall: Rules: PPTP VPN:
Proto      Source   Port   Destination   Port
TCP/UDP    *        *      *             *
(have also tried "*" for protocol)

DNS Forwarder: enabled

System:General Setup: DNS Servers - our ISP's DNS servers

Client Details (Log):
Tue Jun 12 09:11:47 2007 : ipcp: returning Configure-REJ
Tue Jun 12 09:11:47 2007 : sent [IPCP ConfRej id=0x2 <compress VJ 0f 00>]
Tue Jun 12 09:11:47 2007 : rcvd [IPCP ConfReq id=0x3 <addr 192.168.1.99>]
Tue Jun 12 09:11:47 2007 : ipcp: returning Configure-ACK
Tue Jun 12 09:11:47 2007 : sent [IPCP ConfAck id=0x3 <addr 192.168.1.99>]
Tue Jun 12 09:11:47 2007 : ipcp: up
Tue Jun 12 09:11:47 2007 : local  IP address 192.168.1.16
Tue Jun 12 09:11:47 2007 : remote IP address 192.168.1.99
Tue Jun 12 09:11:47 2007 : primary   DNS address 192.168.1.1
Tue Jun 12 09:11:47 2007 : secondary DNS address 66.134.75.39

Client Details: (traceroute www.yahoo.com)
Traceroute has started ...

traceroute to www.yahoo-ht3.akadns.net (209.131.36.158), 64 hops max, 40 byte packets
 1  192.168.1.99 (192.168.1.99)  54.021 ms  23.718 ms  62.051 ms
 2  * * (never gets anywhere)

Client Details: (dig)
;; QUESTION SECTION:
;www.yahoo.com.         IN   A

;; ANSWER SECTION:
www.yahoo.com.      287   IN   CNAME   www.yahoo-ht3.akadns.net.
www.yahoo-ht3.akadns.net. 47   IN   A   209.131.36.158
.....
;; Query time: 53 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Jun 12 09:12:09 2007
;; MSG SIZE  rcvd: 352

Thinking the WAN must be blocking it, I created explicit rules on the WAN interface to allow traffic to and from the PPTP clients:

Proto   Source         Port   Destination    Port
*       PPTP clients   *      *              *
*       *              *      PPTP clients   *

Maybe something wrong with the Virtual interface created for the PPTP server address (192.168.1.99)?
« Reply #1 on: July 29, 2007, 07:58:03 »
XIII *
Posts: 15

I have the same problem. Both networks are different IPs and I can access everything on both networks except the internet; intranet is the only thing that works.

Figured it out: go to your m0n0wall and under Firewall click Rules, then PPTP VPN, and add a new rule. Protocol is any; name it and save. Presto, ALL traffic is then allowed to flow uninterrupted to the remote m0n0wall, and your computer will act as if it is a computer at the remote site. The reason we had problems to begin with is because we were only allowing TCP traffic. The internet is HTTP, so when you allow all it is as if you are on a computer at the remote site. If you look in your firewall log you will see denied coming from your remote computer with the UDP protocol, so set it to allow all protocols and it will fix this and any other problems that you would have.
« Last Edit: July 29, 2007, 08:27:21 by XIII »
 