pfSense Gold Subscription

Author Topic: PPTP IPs assigned  (Read 1890 times)

0 Members and 1 Guest are viewing this topic.

Offline 0tt0

  • Full Member
  • ***
  • Posts: 257
    • View Profile
PPTP IPs assigned
« on: October 28, 2009, 06:46:49 am »
Hi,

I wold like to double check this one. I have PPTP users who have both fixed IP addresses, they are assigned specific addresses when logging in (and I then use those addresses in FW rules) and some users get addresses from the server, there is no address entered in config for the user.

I assume that the ones in the second group never get any of the addresses used as fixed addresses (logged on or not).

Is this a correct assumption?

TIA,


Offline 0tt0

  • Full Member
  • ***
  • Posts: 257
    • View Profile
Re: PPTP IPs assigned
« Reply #1 on: November 06, 2009, 05:43:54 am »
I would appreciate an answer to this question, a simple 'yes' or 'no' will suffice.

Offline 0tt0

  • Full Member
  • ***
  • Posts: 257
    • View Profile
Re: PPTP IPs assigned
« Reply #2 on: January 12, 2010, 01:13:45 pm »
I think it's quite unacceptable that this question has been unanswered for all this time, sorry. And there are lots of other questions on the forum with 0 answers too. This should be addresses in some organized manner I think. Only a few days ago someone I talk to about pfSense made the point about "many unanswered posts" being a "red flag" for him as a potential new user. I think his point is missing completely though, since there are thousands of replies on the forum, but still, that did catch his eye.

At one time I was searching the forum and the first three posts in the hit list were all relevant for my issue but neither had a single reply..


However, I have the answer to this specific question myself now - and I don't like it.
The answer is that clients logging on and not being assigned a specific IP do get IPs that are assigned to other users. I had one user being logged on and having access to servers he shouldn't have due to this.

This should be corrected asap. Otherwise one has to set IPs for all users to be sure no one gets an IP reserved for some other user (and used in FW rules for this purpose).

And if the number of users in the system are more than what's supported how should that be done?! pfSense wil surely complain when you set a user to an IP being used already or being outside the range specified by the /28.

What I would like and also thought already was the case, is that IPs assigned to individual users in config should NOT be used when assigning IPs to users that don't have a specific IP assigned in config.

If I'm missing something I'll be interested in hearing what that is.


Offline Abdsalem

  • Full Member
  • ***
  • Posts: 299
    • View Profile
Re: PPTP IPs assigned
« Reply #3 on: January 12, 2010, 02:39:29 pm »
If im not mistaken, the pptp server relies on ISC dhcpd to hand out ip's.

Generally with ISC dhcpd, if the ip's are within the scope of the dhcp range, static ip assignment to the same machine over time is not always guarenteed.

This is mentioned here

http://doc.pfsense.com/index.php/Why_can%27t_I_have_static_mappings_inside_my_DHCP_range%3F

Although it does not mention pptp server per se, I think this is what youre experiencing with your setup.

I could be completetly wrong.

Just my 2cent


Slam

Offline 0tt0

  • Full Member
  • ***
  • Posts: 257
    • View Profile
Re: PPTP IPs assigned
« Reply #4 on: January 12, 2010, 05:01:44 pm »
Thanks for your comments. That page actually clearified that potential issue quite well. DHCP pool on that subnet is .200-.215 and remote address range in PPTP srv config is set to .224/28 so it seem not to be within the range but perhaps it could still be applicable somehow.

Cheers,

« Last Edit: January 12, 2010, 05:07:38 pm by 0tt0 »