Down the MPD road

Eric Anderson anderson at centtech.com
Sat May 10 07:18:15 PDT 2003


Michael Collette wrote:

>[..snip good stuff..]
>The probs:
>  Apparently PPTP actually puts the remote machine IN the target network.  
>Sorry, I'm still pretty green on this PPTP stuff.  Works a good bit different 
>than IPSec.  Anyhow, once the remote box is connected all the connections to 
>the rest of the Internet are now coming from behind the firewall.  That'd be 
>cool if it worked reliably.
>  While connected, when I attempt to browse around the public Internet some 
>pages just don't load, where others do.  No rhyme or reason, and nothing 
>showing up in my logging of all denied packets via ipfw.  For example, I can 
>hit CNN without a problem, then when I try news.google it never loads a page.  
>I can hit the main Yahoo page, but any of their other sites won't go.  Really 
>odd.
>
>I'm not sure if I've got an ipfw or mpd problem at this point.  I've tried a 
>dozen different ways to open up ipfw a LOT while still keeping it reasonably 
>closed.  This thing is in production and all.  If it'd help, I'll post the 
>relevant rule list here.
>
[..more snipping..]

OK, I saw these problems too..  Remember that the VPN'd client's data is 
coming through the firewall, to the ng0 interface, and then leaving from 
there (when "surfing the net"), so you will have to have NAT set up (of 
some sort) and make sure your rules are open enough to allow the 
firewall to send packets from the ng0 interface on out and have them 
natted..  Some of your pages are probably loading from a cache, and not 
others... also, you may want to add these lines to mpd.conf:

    set iface enable proxy-arp
    set iface mtu 1440

I found it fixed all my odd problems that I was having with XP clients..

Eric
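[Editor's note, added to this archived post: the setup Eric describes above, written out as one complete configuration so the pieces can be checked against each other. This is an added example, not text from the original thread and not the FreeBSD or mpd projects' own sample files. It assumes a FreeBSD 4.x gateway running ipfw with natd, an outside interface named fxp0 and an inside interface named xl0 (both assumed names), a LAN of 192.168.1.0/24 with the VPN client handed 192.168.1.201 (constructed addresses), a public address in the 203.0.113.0/24 documentation range, and mpd 3.x configuration syntax as shipped at the time; verify keywords against the mpd.conf.sample in your mpd port. The two mpd lines from the post are the important ones: proxy-arp only helps when the client's address sits inside the LAN subnet, so the LAN hosts can reach it via the firewall's MAC, and the MTU of 1440 leaves room for the GRE and PPP headers that PPTP wraps around every packet. Without that reduction, full-size 1500-byte packets on the tunnel cannot fit the outer link, and depending on how ICMP is handled along the path they are silently dropped, which produces exactly the "some sites load, others never finish" symptom reported in the quoted message rather than a denied-packet log entry.]

```conf
# --- /etc/rc.conf (assumed interface names: fxp0 outside, xl0 inside) ---
gateway_enable="YES"              # forward between ng0, xl0 and fxp0
firewall_enable="YES"
firewall_type="/etc/ipfw.rules"   # rule file below
natd_enable="YES"
natd_interface="fxp0"             # translate everything leaving the outside interface
mpd_enable="YES"                  # rc script installed by the mpd port

# --- /etc/ipfw.rules (loaded by firewall_type above) ---
# Loopback first, and keep loopback addresses off the wire.
add 100 allow ip from any to any via lo0
add 110 deny ip from any to 127.0.0.0/8
add 120 deny ip from 127.0.0.0/8 to any

# Every packet crossing the outside interface passes through natd, so the
# VPN client (192.168.1.201, constructed) leaves with the public address and
# replies are mapped back before the rules below see them.
add 200 divert natd ip from any to any via fxp0

# PPTP control channel (TCP 1723) and the GRE data channel from clients.
add 300 allow tcp from any to me 1723 in via fxp0 setup
add 310 allow gre from any to me in via fxp0

# Replies to connections the firewall or the NATed clients opened, plus the
# ICMP "fragmentation needed" / "time exceeded" messages path MTU discovery
# depends on (type 3 and 11).
add 400 allow tcp from any to any established
add 410 allow icmp from any to any icmptypes 3,11

# Inside network and the tunnel interfaces. "ng*" matches ng0, ng1, ... so
# additional client bundles need no new rules.
add 500 allow ip from any to any via xl0
add 510 allow ip from 192.168.1.0/24 to any in via ng*
add 520 allow ip from any to 192.168.1.0/24 out via ng*
add 530 allow ip from any to 192.168.1.0/24 in via fxp0   # already de-NATed by rule 200

# Firewall's own traffic (and NATed client traffic, now carrying "me") outbound.
add 600 allow ip from me to any out via fxp0

# Everything else is denied and logged, as in the quoted setup.
add 65000 deny log ip from any to any

# --- /usr/local/etc/mpd/mpd.links ---
pptp0:
        set link type pptp
        set pptp self 203.0.113.1        # firewall's public address (assumed)
        set pptp enable incoming
        set pptp disable originate

# --- /usr/local/etc/mpd/mpd.conf (mpd 3.x syntax, one client bundle) ---
default:
        load pptp0

pptp0:
        new -i ng0 pptp0 pptp0
        set ipcp ranges 192.168.1.1/32 192.168.1.201/32   # server side / client address
        set iface enable proxy-arp       # answer LAN ARP for 192.168.1.201 (from the post)
        set iface mtu 1440               # room for GRE + PPP encapsulation (from the post)
        set link no pap chap
        set link enable chap
        set link keep-alive 10 60
        set ipcp yes vjcomp
        set bundle enable compression
        set ccp yes mppc
        set ccp yes mpp-e128
        set ccp yes mpp-stateless
```

Rule 510 gives the VPN client the same reach as a LAN host, which is what the quoted message asked for; if the VPN pool should only reach specific internal services, narrow that rule and let rule 65000 log the rest. Rule 410 is worth keeping even on a tight firewall: blocking ICMP type 3 is the classic way to turn an MTU mismatch into exactly the silent hang described above.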
More information about the freebsd-security mailing list