Author Topic: Client Rules  (Read 2066 times)

Offline Lectrician

Client Rules
« on: June 08, 2010, 04:20:12 pm »
I have set up a PPTP user and have got the PPTP client to connect successfully.  However, no access is available to anything on the LAN - I assume because I need to set up a rule.  This is where I think I am struggling!

I am at a loss as to what sort of rule to create?

Thanks for any help.

Offline rpsmith

Re: Client Rules
« Reply #1 on: June 08, 2010, 06:24:28 pm »
You need a PPTP pass any rule similar to the default LAN rule.

Roy...

Offline Lectrician

Re: Client Rules
« Reply #2 on: June 09, 2010, 12:26:52 am »
Thanks.

Do I create that rule just in the PPTP VPN rule page, not on the LAN or WAN page?

When I connect to the VPN my machine is receiving an IP address 192.168.101.0 with a subnet of 255.255.255.255?  I would have thought it would not issue an IP ending in a 0, and that the subnet would end in 0?

I am fairly sure I set up the PPTP connection page correctly......

Offline rpsmith

Re: Client Rules
« Reply #3 on: June 09, 2010, 01:28:30 am »
"Do I create that rule just in the PPTP VPN rule page"

Yes. The rule should look like this:

| * | PPTP clients | * | * | * | * |   | Default PPTP clients to any |

Example Config:

pfSense LAN IP: 192.168.32.1/24

PPTP Server Page:
Enable PPTP server
PPTP Server IP: 192.168.32.63
Remote address range: 192.168.32.64
Require 128-bit encryption checked

Roy...
« Last Edit: June 09, 2010, 01:45:46 am by rpsmith »

Offline Lectrician

Re: Client Rules
« Reply #4 on: June 09, 2010, 10:25:40 am »
I thought the remote subnet had to be in a different subnet to the PFsense LAN?

I tried it anyway and got this error:

Quote
The following input errors were detected:

•The specified server address lies in the remote subnet.


Offline Lectrician

Re: Client Rules
« Reply #5 on: June 09, 2010, 10:31:13 am »
Ok, I changed the subnet back to what I had it as.

I had

PFsense LAN 192.168.100.1
PPTP Server 192.168.100.9 (my DHCP starts at 10).
PPTP remote LAN 192.168.101.16

I then ticked the 128 encryption which I did not do earlier.  It now works.

I think you need to use a subnet ending in 16, 24 etc - I was trying 1.

I can ping the PFsense's LAN IP, can access the config pages, but I cannot ping or access the web interfaces of my attached wireless access points?  I assumed I would be able to with my client rule...  I can ping them from the diagnostics menu in the PFsense config.

Thanks for the help.
« Last Edit: June 09, 2010, 10:42:33 am by Lectrician »

Offline Lectrician

Re: Client Rules
« Reply #6 on: June 29, 2010, 11:37:03 am »
Hi - Anyone any idea why I cannot ping my access points through the PPTP tunnel?

If I use a port scanner I can see the PFsense server and connected machines, but not the access points.

The access points have static IPs outside the DHCP range - this would not be the issue would it?