m0n0wall PPTP VPN

[Joony]

I setup the VPN using their handbook here

I had a rule so that everything can go through the PPTP connection.

The problem is that I can't get internet access on the client side. Nor can I ping or traceroute the router 192.168.1.1, or anything public.

I can, however, access the web maintenance page of the router at 192.168.1.1, I can also remotely connect to a Server 2003 machine with Remote Desktop.

The client i'm using is the one built into Windows, I also used the one built into OS X tiger with no success either.

 

[InlineFive]

I'm pretty sure that this is normal for VPNs.

 

[Joony]

the person who wrote the guide was able to ping both the router and google.com, hmm

 

[crobusa]

Your VPN server is outside the LAN.

9.4. Subnetting and VLAN routing

You can select (as you will see later) to set the ?Sever Address? and ?Remote Address Range? to exist inside of the subnet that you defined for the LAN on the firewall. (e.g. IP Address and subnet bit you set for the LAN under Interfaces ? LAN on the m0n0wall menu.) Our example uses this setup. Pros and Cons? Well the major pro is that the firewall will allow traffic from this VLAN to route to the WAN (in most cases the Internet.) and it is nice and easy. Con?s, it allows people to rout to the WAN if you don?t want this then read the next paragraph.

You can also setup these two options to have an IP range that is outside of your LAN designation. E.g. LAN = 192.168.1.1/24 (really the 192.168.1.0/24 network) and the PPTP ?Server Address? and ?Remote Address Range? are set to 192.168.2.254 and 192.168.2.16/28 respectively. This will basically allow those using the PPTP connection to access the LAN, but the firewall will not route traffic for them to the WAN connection. Opt and WiFi networks will also be isolated depending on how you are routing to those networks and if they are in the same network segment (subnet) as the LAN.

 

[Joony]

The subnet I have for my LAN back at home is in the 192.168.1.x range.

The server IP in the PPTP VPN setting is 192.168.1.254

I also have remote address range set to 192.168.1.48

that should allow WAN access?

 

[RebateMonger]

Your firewall is blocking packets from the VPN client to the Internet. I know zilch about m0nowall, but ISA 2004 blocks packets from the VPN subnet to the Internet unless you allow them.

Many people just do a "split gateway" and tell the client to NOT use the VPN server as its Default Gateway. Instead, they use their local Default Gateway. That gets them Internet access whether they are on or off the VPN.

It's not considered secure....but it cetainly works.

 

[bluegreenturtle]

I always turn off the default gateway on the client side or I get similar issues.

 

[Joony]

I turned off the default gateway and I got internet working through the main ISP of the client. But I still want to use the internet through the VPN tunnel

RebateMonger, I looked at the firewall logs and it didn't seem to be blocking anything from port 80...