2015-09-21 - Re: [GRASE-Hotspot] VPN PPTP options

Header Data

From: David Wilson <da***e@argyle.com.au>
Message Hash: bfd045aa8658a96b1375f368e03835e8953973cbf687b3e76a3ce18b73c04d1a
Message ID: <D0B1523B-85E5-4F3A-95C6-DE7B6E9C266A@argyle.com.au>
Reply To: <027DF0743282704CAFA3948002E2396601A79E7614@HLVWDBACFEXC02.acfgroup.local>
UTC Datetime: 2015-09-21 16:06:52 UTC
Raw Date: Tue, 22 Sep 2015 09:06:52 +1000

Raw message

Paul & Tim, 

I have exactly the same issue with a client where they have Grase guests that are trying to make a PPTP connection outbound to their work but cannot. 

In my environment I have a NAT firewall that connects the public IP from the ISP and provides an internal IP address range (DMZ) that the Grase public side connects to. 
And then Grase has a 2nd NIC that connects to the Guest wifi. 

Therefore there is a double NAT happening. 

i.e.: 	The guests get a Grase IP and are NAT’ed to the public side of the Grase, which is a DMZ address. 
	The public side of Grase is then NAT’ed to the internet. 


So far I have just created some NAT rules on the outer router to forward any PPTP stuff back to Grase (i.e. GRE and 1723) and that has not worked. 
Although I didn’t really expect it to, as the PPTP 1723 is outbound and should not have anything initiating back to the clients. 
I have checked that I have all replies catered for. 

As the customer is remote (and therefore almost impossible for me to test) I am now going to replicate the network here so I can fault find it. 

Paul, is your setup the same topology as my situation (i.e. double NAT)?


Dave 



> On 21 Sep 2015, at 10:32 pm, Paul van Oijen <Pa***n@abnamrocomfin.com> wrote:
> 
> Hi Tim,
> 
> I plugged in another router to work outside the Linux hotspot box and then the VPN tunnel works well.
> Once I use the hotspot again it always fails to connect to my VPN.
> 
> As an example, I have a dd-wrt router with PPTP enabled on the outside, and I would like to connect to that via the hotspot, establishing a tunnel from my Android phone to that network behind the dd-wrt router, but that always fails.
> As mentioned not having the hotspot in between but another wireless device works well.
> 
> So it's from the inside to the outside. What would you advise to check to see what the issue could be?
> 
> Chrs Paul  
> 
> -----Original Message-----
> From: Timothy White [mailto:ti***8@gmail.com] 
> Sent: Sunday 20 September 2015 12:42
> To: Grase Hotspot
> Subject: Re: [GRASE-Hotspot] VPN PPTP options
> 
> Hi Paul
> 
> Can you please make it a bit clearer what you are asking. Are you wanting to allow users to make PPTP connections outgoing? Or do you want incoming connections to a client? Do you want clients to make a PPTP connection to the Hotspot?
> 
> I believe, but can't test as I don't use PPTP anymore, that outgoing connections should work already.
> 
> Regards
> 
> Tim
> 
> On Fri, Sep 18, 2015 at 7:01 PM, Paul van Oijen <Pa***n@abnamrocomfin.com> wrote:
>> Hello,
>> 
>> Small question: what options does one have to allow a PPTP (VPN) 
>> connection to hotspot users?
>> 
>> Either selective (IP-based / user-based) or, if not possible, to all users.
>> 
>> Chrs …
>> 


Thread