Author Topic: 2 systems work fine Mine does not  (Read 2165 times)

Alan87i (Full Member, Posts: 269, Karma: +0/-0)
2 systems work fine Mine does not
« on: December 05, 2010, 07:42:02 pm »
I read the doc here http://doc.pfsense.org/index.php/PPTP_VPN and set up the PPTP server on 2 different PF 123 boxes. Works great.
On my PF 123 box everyone gets the error 800 cannot connect.
I checked and triple checked. Can't find what I did wrong.
I did not restart the router!
On my PF box I have Lusca cache running, whereas I have NO proxy running on the other two that work.
I'm out of ideas. Thanks for any !!

I checked the logs and find the WAN is blocking the request. I did not have to make any changes to the WAN rules on the other boxes, just the any/any to LAN rule on the PPTP rules page.
« Last Edit: December 06, 2010, 07:57:20 am by Alan87i »

Alan87i
Re: 2 systems work fine Mine does not
« Reply #1 on: December 06, 2010, 08:50:25 am »
The client gets the error 800 and this is from my logs. I have the PPTP rules set the same on 3 systems; 2 work, this one doesn't.

Alan87i
Re: 2 systems work fine Mine does not
« Reply #2 on: December 06, 2010, 02:08:29 pm »
After searching /tmp/rules.debug file on MY broken system and a working PPTP system I found that this file on mine does not contain any rules for PPTP.

From a working PPTP system (I xx'ed out the WAN IP):
Code:
# make sure the user cannot lock himself out of the webGUI or SSH
anchor "anti-lockout"
pass in quick on fxp0 from any to 192.168.25.1 keep state label "anti-lockout web rule"

# PPTPd rules
anchor "pptp"
pass in quick on $wan proto gre from any to xx.xx.xx.162 keep state label "allow gre pptpd"
pass in quick on $wan proto tcp from any to xx.xx.xx.162 port = 1723 modulate state label "allow pptpd xx.xx.xx.162"

# SSH lockout
block in log quick proto tcp from <sshlockout> to any port 22 label "sshlockout"

anchor "ftpproxy"
anchor "pftpx/*"

# User-defined aliases follow

And from MY non-working system. Well, everything works fine except PPTP.

Code:
# make sure the user cannot lock himself out of the webGUI or SSH
anchor "anti-lockout"
pass in quick on em0 from any to 192.168.0.25 keep state label "anti-lockout web rule"

# SSH lockout
block in log quick proto tcp from <sshlockout> to any port 22 label "sshlockout"

anchor "ftpproxy"
anchor "pftpx/*"

# User-defined aliases follow

So the auto-generated rules are not being generated. I got this far; I have no idea how to fix this.
Allan
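
A check for the symptom found in the post above, as an added example that is not part of the original thread: it reports which of the auto-generated PPTP entries (the "pptp" anchor, the GRE pass rule, the TCP 1723 pass rule) are absent from a ruleset dump such as /tmp/rules.debug. The function name check_pptp_rules is hypothetical, and the sample inputs are trimmed from the two excerpts quoted in the post.

```sh
#!/bin/sh
# Added example: find which auto-generated PPTP rules are missing from a
# pf ruleset dump such as /tmp/rules.debug.

# check_pptp_rules FILE (hypothetical helper)
# Prints one line per missing item; returns 0 if all three are present.
check_pptp_rules() {
    file=$1
    missing=0
    # Drop comment lines so a bare "# PPTPd rules" header never counts.
    rules=$(grep -v '^[[:space:]]*#' "$file" || true)
    printf '%s\n' "$rules" | grep -q '^anchor "pptp"' \
        || { echo 'missing: anchor "pptp"'; missing=1; }
    printf '%s\n' "$rules" | grep -Eq '^pass in .*proto gre ' \
        || { echo 'missing: pass rule for GRE'; missing=1; }
    printf '%s\n' "$rules" \
        | grep -Eq '^pass in .*proto tcp .*port (= )?1723([[:space:]]|$)' \
        || { echo 'missing: pass rule for TCP 1723'; missing=1; }
    return $missing
}

# Sample inputs, trimmed from the two rules.debug excerpts in the post.
WORKING=$(mktemp)
BROKEN=$(mktemp)
trap 'rm -f "$WORKING" "$BROKEN"' EXIT
cat > "$WORKING" <<'EOF'
# PPTPd rules
anchor "pptp"
pass in quick on $wan proto gre from any to xx.xx.xx.162 keep state label "allow gre pptpd"
pass in quick on $wan proto tcp from any to xx.xx.xx.162 port = 1723 modulate state label "allow pptpd xx.xx.xx.162"
# SSH lockout
block in log quick proto tcp from <sshlockout> to any port 22 label "sshlockout"
EOF
cat > "$BROKEN" <<'EOF'
# SSH lockout
block in log quick proto tcp from <sshlockout> to any port 22 label "sshlockout"
anchor "ftpproxy"
EOF

for f in "$WORKING" "$BROKEN"; do
    if check_pptp_rules "$f"; then
        echo "$f: PPTP rules present"
    else
        echo "$f: PPTP rules incomplete"
    fi
done
```

On a live box the same function can be pointed at /tmp/rules.debug directly.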

rpsmith (Full Member, Posts: 234, Karma: +0/-0)
Re: 2 systems work fine Mine does not
« Reply #3 on: December 06, 2010, 05:24:20 pm »
Have you tried disabling the PPTP service (save/apply) and re-enabling it? If that doesn't work you can always add the GRE and TCP-1723 WAN rules manually. Seems like it might be better for them to be grayed out rather than hidden.

Roy...
« Last Edit: December 06, 2010, 05:28:42 pm by rpsmith »

Alan87i
Re: 2 systems work fine Mine does not
« Reply #4 on: December 06, 2010, 06:20:50 pm »
Thanks for the reply.
Yes, I tried disable, reboot, re-enable, backup and upload the config.
I have made the rules manually, well, tried lol. First try was not a success: 1 user testing the connection could log in but could not get any access to the local LAN.
I have redone the rules and hope to test it tonight or in the morning.

rpsmith
Re: 2 systems work fine Mine does not
« Reply #5 on: December 06, 2010, 06:33:06 pm »
Seems to me that disabling and re-enabling should re-create the hidden rules. I'll try it on one of my test firewalls.

BTW, are you running today's release?

Roy...

Alan87i
Re: 2 systems work fine Mine does not
« Reply #6 on: December 06, 2010, 08:49:22 pm »
Setting the rules manually worked tonight.
2 users could browse 2 servers without any problems.

What I want this PPTP connection to do is allow certain games on the client side to browse the connection and find my local server, because it can't be added as a favorite or private server in the game itself. Tonight it didn't work.

I had both clients uncheck the default gateway setting on their end when they set up the connection. Tomorrow we will set it back and try again.

rpsmith
Re: 2 systems work fine Mine does not
« Reply #7 on: December 06, 2010, 09:22:51 pm »
PPTP doesn't pass broadcasts, which is most likely your problem with games. You might want to switch to OpenVPN site-to-site. It's harder to set up but I believe it supports broadcasts.

Roy...

Alan87i
Re: 2 systems work fine Mine does not
« Reply #8 on: December 07, 2010, 07:18:56 am »
Do you think a WINS server currently running on the local LAN would work?
OpenVPN looks like a pile of work but if it's the only way I'll try it when time permits.
Thanks, Allan

rpsmith
Re: 2 systems work fine Mine does not
« Reply #9 on: December 07, 2010, 02:02:14 pm »
It depends on your game. I'm guessing WINS won't help but it's easy to set up so you might want to give it a try. Also, the OpenVPN site-to-site stuff is not that hard to set up. I'm not running the bridged version but the routed version was easy to get running.

Roy...

Alan87i
SOLVED Re: 2 PPTP systems work fine Mine does not
« Reply #10 on: December 07, 2010, 03:02:13 pm »
Just to confirm this: I just found by accident why the rules were not created for the PPTP connection. In System Advanced there's an AUTO add rules enable/disable box right at the bottom of the GUI page. And I had a check in the box.
Allan