Cory Foy

Saturday, January 21, 2006

Creating a PPTP tunnel using Monowall

A break from development a bit here, but in getting settled down into the new place, one of the things I decided to go ahead and do was use a Monowall box as my primary firewall. For years I've been using a Linksys wireless router, and it's still serving its purpose in Charlotte until we get the rest of the house moved up.

The biggest advantage to using Monowall for me is the ability to set up a VPN server using IPSec or PPTP. It can host the server itself, which is a nice bonus. With a PPTP VPN in place, I can connect from public access points, and still know my traffic is safe.

Setting it up turned out to be a breeze. First I hooked Monowall up with my cable modem as the WAN and my local network as the LAN. I made sure everything was passing traffic to the internet, which it was. Next, I went into the Monowall configuration screen to VPN->PPTP. The page can be broken down into four sections:

Enabling PPTP


Here you just mark that you want to enable the PPTP server. Optionally you could have PPTP connections redirected to an existing PPTP server if you have one internally.

Server addresses


Here you specify what address you want the PPTP server to use internally, and the address range you want to assign to connecting clients. In this case PPTP clients will get an IP from 192.168.0.112 - 192.168.0.128.

RADIUS Authentication


If you have a RADIUS server you want to use for authentication, you can enter that here. If not, when you finish setting up the connection a Users tab will appear that will let you specify authentication.

Encryption


Finally, I enabled 128-bit encryption. Since we'll be using XP to connect, I know that 128-bit is built in.

You'll also notice that at the bottom of that last screenshot is an important note telling you to enter a firewall rule for PPTP clients. Luckily they make this easy too. Once you've saved the rule and added users, head over to the Firewall->Rules page and add a new rule. My PPTP rule looks like:



And that's it! To connect to it, I simply set up a new connection using the wizard in XP, pointed it to my server, and logged in. I tested it internally (from the LAN) first, and then tried it from an outside connection.

Monowall is a great little firewall that happens to provide some great capabilities as well. If you need VPN access, hopefully this helped you get it up and running.

Happy surfing!

9 Comments:

  • Thanks Cory, it was useful for us, Juan and me.

    Luis.

    By Anonymous Anonymous, at 1:15 PM  

  • Hi Cory,

    Thank you for your great how-to. I would like to set something like this up for myself as well. I currently have a VNC connection set up which allows me to connect from work and any other place that has the internet; however, I feel that it is not as secure as a VPN, from my understanding of a VPN. My question is: does this setup allow you, like VNC, to take control of a machine and access a specific computer on your network? Secondly, how do you connect from the outside world? Is there specific software that must be used? Any suggestions and help are much appreciated.

    Thank you,

    Denis

    By Anonymous Anonymous, at 10:20 AM  

  • Hi

    I have created this PPTP tunnel and it works fine, except I lost my connection after about 1 hour.

    If you have an idea:

    stan.way@laposte.net

    By Anonymous Anonymous, at 9:25 AM  

  • Very useful, worked like a charm!

    By Anonymous SHRIKEE, at 10:36 PM  

  • Thanks - it was very helpful!!! But what about compression??

    thx LeoLinux

    By Anonymous Anonymous, at 6:59 PM  

  • Thanks a lot Cory, but do you know if it's possible to have 2 VPNs on the same firewall? (I need to build 2 different VPNs toward 2 different servers.)

    Thanks

    Jean Francois

    By Anonymous jeffpils, at 2:19 AM  

  • Recently I needed to install wireless service on my PC Monowall router, but I have no clue how to do it. Is it that I just need to buy a wireless, plug it into the PC and configure it to work?

    Elvis
    Internet Marketing Watch

    By Blogger EasyCrossover, at 11:12 PM  

  • Hi everyone,
    Thank you for your tutorial. It is working fine only on my local network; when I try to connect via the internet it is a little bit slow at verifying username and password and shows me error:619 after a second.
    I already forwarded GRE and TCP port 1723 in my router.

    If anybody has an idea, please e-mail me back.
    admin@laimaiart.com

    By Anonymous Anonymous, at 8:14 PM  

  • Thanks for the quick guide. M0n0Wall Rocks!

    By Blogger Brian, at 11:17 AM  
