Netgate SG-1000 microFirewall

Author Topic: PPTP forwarding with pfsense 2.3  (Read 6001 times)

0 Members and 1 Guest are viewing this topic.

Offline dweiler

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
PPTP forwarding with pfsense 2.3
« on: April 13, 2016, 01:58:51 pm »
I know PPTP was removed in Pfsense 2.3 and I do plan on moving to a new VPN type but until I can get everything working with IKEv2, how can i passthrough PPTP to a windows server, I forwarded TCP port 1723 to the server and forwarding all GRE protocol packets to the server but it doesn't seem to work, is there something special I need to do?

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1437/-26
    • View Profile
Re: PPTP forwarding with pfsense 2.3
« Reply #1 on: April 13, 2016, 02:27:16 pm »
Port forwards for TCP/1723 and GRE are all the old "redirect" option used to use.

Code: [Select]
if (isset($config['pptpd']['mode']) && ($config['pptpd']['mode'] != "off")) {
if ($config['pptpd']['mode'] == "redir") {
$pptpdtarget = $config['pptpd']['redir'];
$natrules .= "# PPTP\n";
$natrules .= "rdr on \${$FilterIflist['wan']['descr']} proto gre from any to any -> {$pptpdtarget}\n";
$natrules .= "rdr on \${$FilterIflist['wan']['descr']} proto tcp from any to any port 1723 -> {$pptpdtarget}\n";
}
}
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline dweiler

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: PPTP forwarding with pfsense 2.3
« Reply #2 on: April 13, 2016, 03:23:07 pm »
thanks, this helped. now i can work on doing a different VPN technology while people can still connect, yes i know i'm a terrible and should've switched long ago. :/

Offline whanksta

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: PPTP forwarding with pfsense 2.3
« Reply #3 on: April 14, 2016, 09:20:21 am »
I am even worse, but how do you implement this code?

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1437/-26
    • View Profile
Re: PPTP forwarding with pfsense 2.3
« Reply #4 on: April 14, 2016, 09:23:36 am »
No need to use the code -- it was merely an example to show the rules needed. Just make two port forwards: One to forward TCP port 1723 to your target server, one to forward all GRE to your target server.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline commandoathens

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Re: PPTP forwarding with pfsense 2.3
« Reply #5 on: April 29, 2016, 03:26:24 pm »
Hi to all I feel a little bit victimized since its the first I upgrade and lose immediately so many features like nut,bandwidthd and pptp of course for my iphone.
I cant seem to make it work forwarding 1723 to another router how exactly can I forward GRE I cant seem to find a tutorial about that and please is there any chance this ipsec will work woth iphone ios 7.1?
Thanks a lot in advance.

Offline silliwk53

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: PPTP forwarding with pfsense 2.3
« Reply #6 on: May 05, 2016, 10:22:45 am »
GRE is a protocol.  In the Firewall menu, select NAT and then add a new rule.  Select the correct Interface and then select GRE in the protocol dropdown.  Enter the redirect LAN address for your PPTP server.  As long as you have completed a similar NAT rule for port 1723 and allowed the pfSense to auto create the firewall rules you should be good.  I utilize a source alias that is not required but would certainly be recommended for anyone continuing to utilize PPTP.

Offline commandoathens

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Re: PPTP forwarding with pfsense 2.3
« Reply #7 on: May 07, 2016, 06:03:59 am »
Hello my friend I have tried it nothing works .Inside my lan my iphone connects to my mikrotik pptp really fast.
Outside the network pptp is not forwarded properly something missing.Any ideas will be much appreciated since I am locked out for a week now.
Ps I dont care about the security .
Thanks.

Offline silliwk53

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: PPTP forwarding with pfsense 2.3
« Reply #8 on: May 08, 2016, 08:21:14 am »
It appears that your destination addresses are incorrect.  Try changing the destination in both NAT rules to WAN net address in the destination drop down menu.  This would be used if you are trying to access from the outside utilizing the public IP that is assigned to your pfSense WAN interface.  If you have more than one static public IP and you are using something different in a 1:1 relationship with your PPTP server than your destination needs to be that specific public IP that you are using in the 1:1 relationship.

Offline commandoathens

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Re: PPTP forwarding with pfsense 2.3
« Reply #9 on: May 10, 2016, 08:59:40 am »
My apologies it seems I cant forward anything to that other mikrotik ip for some reason not even https maybe a mikrotik firewall problem I will look into it.
Sorry for the delay

Offline commandoathens

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Re: PPTP forwarding with pfsense 2.3
« Reply #10 on: May 15, 2016, 05:59:02 am »
I had some time this weekend so I tried the wizard for openvpn and it worked for the iphone .Just create an open vpn server with the wizard,add a pfsense user with the new CA you created and then export the openvpn file to ur pc and upload it to ur iphone by running it via an email or itunes file upload.Remember to tick send all traffic through tunnel so openvpn can route correclty through ur pfsense gateway
Thanks I feel more secure now,although I still have PPTP router to my synology for conditions where I cant use openvpn