next »

[Alan87i]

I read the doc here http://doc.pfsense.org/index.php/PPTP_VPN and set up the PPTP server on 2 different PF 123 box's. Works great.
On my PF 123 box everyone gets the error 800 cannot connect.
I checked and triple checked. Can't find what I did wrong.
I did not restart the router!
On my PF box I have lusca cash running where as i have NO proxy running on the other two that work.
I'm out of ideas. Thanks for any !!

I checked the logs and find the WAN is blocking the request . I did not have to make any changes too the WAN rules on the other box's just the any/any to lan rule on the pptp rules page.

[Alan87i]

The client gets the error 800 and this is from my logs . I have the pptp rules set the same on 3 systems 2 work this one don't

[Alan87i]

After searching /tmp/rules.debug file on MY broken system and a working PPTP system I found that this file on mine does not contain any rules for PPTP.

from a working pptp system I xx ed out the wan IP

Code:

# make sure the user cannot lock himself out of the webGUI or SSH
anchor "anti-lockout"
pass in quick on fxp0 from any to 192.168.25.1 keep state label "anti-lockout web rule"

# PPTPd rules
anchor "pptp"
pass in quick on $wan proto gre from any to xx.xx.xx.162 keep state label "allow gre pptpd"
pass in quick on $wan proto tcp from any to xx.xx.xx.162 port = 1723 modulate state label "allow pptpd xx.xx.xx.162"

# SSH lockout
block in log quick proto tcp from <sshlockout> to any port 22 label "sshlockout"

anchor "ftpproxy"
anchor "pftpx/*"

# User-defined aliases follow

And from MY NON working system Well everything works fine except PPTP.

Code:

# make sure the user cannot lock himself out of the webGUI or SSH
anchor "anti-lockout"
pass in quick on em0 from any to 192.168.0.25 keep state label "anti-lockout web rule"

# SSH lockout
block in log quick proto tcp from <sshlockout> to any port 22 label "sshlockout"

anchor "ftpproxy"
anchor "pftpx/*"

# User-defined aliases follow

So the auto generated rules are not being generated . I got this far I have no idea how to fix this.
Allan

[rpsmith]

have you tried disabling the PPTP service (save/apply) and re-enabling it?  If that doesn't work you can always add the GRE and TCP-1723 WAN rules manually.  Seems like it might be better for them to be grayed out rather than hidden.

Roy...

[Alan87i]

Thanks for the reply
Yes I tried disable reboot re enable , backup and upload the config .
I have made the rules manually , well tried lol first try was not a success , 1 user testing the connection could login but could not get any access to the local lan.
I have redone the rules and hope to test it tonight or in the morning.

[rpsmith]

seems to me that disabling and re-enabling should re-create the hidden rules.  I'll try it on one of my test firewalls.

BTW, are you running today's release?

Roy...

[Alan87i]

Setting the rules manually worked tonight.
2 users could browse 2 servers with out any problems.

What I want this pptp connection to do is allow certain games on the client side to browse the connection and find my local server because it can't be added as a favorite or private server in the game it's self, tonight it didn't work.

I had both clients UN check the default gateway setting on their end when they setup the connection. Tomorrow We will set it back and try again.

[rpsmith]

PPTP doesn't pass broadcasts which is most likely your problem with games.  You might want to switch to OpenVPN site-to-site.  It's harder to setup but I believe it supports broadcasts.

Roy...

[Alan87i]

Do you think a wins server currently running on the local lan would work ?
Open VPN looks like a pile of work but if it's the only way I'll try it when time permits.
Thanks Allan

[rpsmith]

It depends on your game. I'm guessing WINS won't help but it's easy to setup so you might want to give it a try.  Also, the OpenVPN site-to-site stuff is not that hard to setup.  I'm not running the bridged version but the routed version was easy to get running.

Roy...

[Alan87i]

Just to confirm this I just found by accident what the rules were not created for the PPTP connection . IN system advanced there's a AUTO ad rules enable disable box  right at the bottom of the gui page. And I had a check in the box.
Allan