Re: Down the MPD road

From: Peter Pentchev (roam_at_ringlet.net)
Date: 05/10/03

  • Next message: Mark Thomas: "Re: Down the MPD road"
    Date: Sat, 10 May 2003 17:59:15 +0300
    To: Chris BeHanna <behanna@zbzoom.net>
    
    
    

    On Sat, May 10, 2003 at 10:22:40AM -0400, Chris BeHanna wrote:
    > On Saturday 10 May 2003 09:17, Michael Collette wrote:
    > > Well, after working through the various options it looked like MPD would be
    > > my best bet here. I've got it sort of working, but there's obviously some
    > > tweaky I'm missing here.
    > >
    > > Recap of the scenario:
    > > Full class C of static IPs segmented into 3 networks. Outside, DMZ,
    > > Inside. Trying to get remote Windows users through securely to the Inside.
    > > Remote users have dynamic IPs.
    > >
    > > What's working:
    > > MPD is running, and authenticating my test XP box via PPTP. No
    > > certificates or any IPSec involved here.
    > > I can hit boxes on the Inside really solid now.
    > >
    > > The probs:
    > > Apparently PPTP actually puts the remote machine IN the target network.
    > > Sorry, I'm still pretty green on this PPTP stuff. Works a good bit
    > > different than IPSec. Anyhow, once the remote box is connected all the
    > > connections to the rest of the Internet are now coming from behind the
    > > firewall. That'd be cool if it worked reliably.
    > > While connected, when I attempt to browse around the public Internet some
    > > pages just don't load, where others do. No rhyme or reason, and nothing
    > > showing up in my logging of all denied packets via ipfw. For example, I
    > > can hit CNN without a problem, then when I try news.google it never loads a
    > > page. I can hit the main Yahoo page, but any of their other sites won't go.
    > > Really odd.
    >
    > Here is where we descend into Windows-bashing. For some STUPID
    > reason, when a Windows box connects to a VPN via PPTP, the Windows
    > box's default route is adjusted to go through the VPN connection.
    > This is fortunately fixable (Windows has a ROUTE command), but it
    > requires your users to have half a clue:
    >
    > route delete 0.0.0.0
    > route add 0.0.0.0 mask 0.0.0.0 gateway <ISP gateway> metric 1
    > route add [InsideNetwork] mask [InsideMask] gateway [far end of VPN tunnel] metric 1

    I cannot test this right now, so it is quite probable that you are
    right, but couldn't this be controlled by the Properties >> Networking >>
    Internet Protocol (TCP/IP) >> Properties >> Advanced >> General >>
    Use default gateway on remote network?

    Granted, that's a hell of a place to bury a little checkbox, but could
    this possibly help? :)

    G'luck,
    Peter

    -- 
    Peter Pentchev	roam@ringlet.net    roam@sbnd.net    roam@FreeBSD.org
    PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
    Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
    This sentence claims to be an Epimenides paradox, but it is lying.
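
Added example, not part of the original message: a small route-selection model showing why Internet traffic follows the tunnel while the client's default route points at the VPN, and what the three ROUTE commands quoted above change. All addresses, metrics and function names are constructed assumptions.

```python
import ipaddress

# All addresses and metrics below are constructed for illustration
# (documentation ranges); none of them come from the thread.
ISP_GW = "198.51.100.1"        # client's normal ISP gateway
VPN_FAR_END = "192.0.2.129"    # far end of the PPTP tunnel
INSIDE = ("192.0.2.128", "255.255.255.192")  # Inside network and mask
VPN_SERVER = "203.0.113.10"    # public address the tunnel connects to

def route(dest, mask, gateway, metric):
    net = ipaddress.ip_network(f"{dest}/{mask}")
    return {"net": net, "gw": gateway, "metric": metric}

def next_hop(table, dst):
    """Gateway chosen for dst: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r["net"]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))
    return best["gw"]

def connected_table():
    """Client table with the tunnel up and the default route via the VPN."""
    return [
        route("0.0.0.0", "0.0.0.0", VPN_FAR_END, 1),      # new default via tunnel
        route("0.0.0.0", "0.0.0.0", ISP_GW, 2),           # old default, demoted
        route(VPN_SERVER, "255.255.255.255", ISP_GW, 1),  # keeps the tunnel up
    ]

def split_tunnel_table(table):
    """Apply the three ROUTE commands quoted in the message."""
    kept = [r for r in table if r["net"].prefixlen != 0]  # route delete 0.0.0.0
    kept.append(route("0.0.0.0", "0.0.0.0", ISP_GW, 1))   # default via ISP
    kept.append(route(*INSIDE, VPN_FAR_END, 1))           # Inside via tunnel
    return kept

if __name__ == "__main__":
    before = connected_table()
    after = split_tunnel_table(before)
    for dst in ("203.0.113.80", "192.0.2.130", VPN_SERVER):
        print(dst, "before:", next_hop(before, dst), "after:", next_hop(after, dst))
```

In the "after" table only Inside-bound traffic crosses the tunnel and the firewall; the client's other Internet traffic leaves directly through its ISP gateway.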
    
    

