PPTP over hotspot

Hi,

I have a 3-homed router: WAN, LAN, PUBLIC-LAN
These are the permission rules:
From WAN to LAN: nothing permitted
From LAN to *: all permitted
From PUBLIC-LAN to LAN: nothing permitted
From PUBLIC-LAN to WAN: captive portal (hotspot)

Everything works fine.

Now I want to add PPTP over PUBLIC-LAN to permit some clients to access the LAN, so:
From PUBLIC-LAN with PPTP to *: permit all
For these clients I want only PPTP authentication.
But the problem is that now these clients need to:

  • open a browser for hotspot authentication
  • open a PPTP client for PPTP authentication

Is there a method to use only PPTP authentication (please, no cookies or similar for hotspot auth :) )?

Thanks in advance
v.

We do this now, using several firewall and filter entries. However, it should be easier to do this as follows:

ip->hotspot->walled garden-> IP list->add
accept
protocol = 47 (GRE)

ip->hotspot->walled garden-> IP list->add
accept
port = 1723

Port 1723 and protocol 47 are used for PPTP. If you enable them in the walled garden, all of your public users in the hotspot should be able to access a PPTP server on the LAN.

I’m not positive if this will work, so let me know. I’m also going to try it myself tomorrow.

If it doesn’t work, let me know and I’ll post the detailed firewall rules I’m using.

The problem with using firewall rules is that you have to put them at the top of the list in front of all the hotspot rules. Due to what I consider a bug, if you reboot, either on purpose or due to a power failure, all of the rules you manually entered will wind up at the bottom and will no longer work.
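
The two walled-garden entries described in the post above, written as RouterOS terminal commands (an added example, not posted by anyone in the thread). The hotspot server name `hotspot1` and the PPTP server address `192.168.1.10` are assumed placeholders; limiting `dst-address` to the PPTP server keeps unauthenticated hotspot clients from reaching any other host on these ports.

```routeros
# Added example, not from the thread.
# Assumed values: hotspot server "hotspot1", PPTP server at 192.168.1.10
# (constructed address). Substitute your own.
/ip hotspot walled-garden ip
# PPTP tunnel data: GRE, IP protocol 47
add action=accept server=hotspot1 protocol=gre dst-address=192.168.1.10 comment="PPTP data (GRE)"
# PPTP control channel: TCP port 1723
add action=accept server=hotspot1 protocol=tcp dst-port=1723 dst-address=192.168.1.10 comment="PPTP control"
# List the entries to confirm both were added; repeat after a reboot
print
```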

Hi dsobin

Could you post the detailed rules in this case?