Topic: Connect to remote PPTP server , pfsense pptp server disabled

jokuji
Connect to remote PPTP server , pfsense pptp server disabled
« on: February 10, 2014, 09:28:33 am »
I am new to pfsense, hence this confusion!

I have read about the limitation of connecting to a remote pptp server from behind a pfsensed nat; however, just to be sure that I have not misread, I am putting this up.

Below is my setup.
 
WAN (permanent public IP) ------------------ pfsense Box --------------------- two NICs  ---- NIC 1  ----------  for  LAN ( dhcp ) 192.168.3.0/24
                                               (no pptp server enabled on pfsense box)                    ---- NIC 2  ----------  for WLAN (dhcp ) 192.168.4.0/24


I have a single remote pptp server with accounts user1, user2. So would it be possible for hosts behind lan, e.g. 192.168.3.5 and 192.168.3.6, to connect to their respective accounts user1 and user2, the remote pptp server IP being the same?

According to the limitation here - http://www.pfsense.org/about-pfsense/features.html#nat , I am assuming the above would not be possible?


I do not have the option to set up a different pptp server ip for each user as this is not practical, nor do I have that many free WAN ips for my lan users. Is there any other way to use pptp vpn itself?

I did try to set up another virtual ip (from the additional wan ips from my isp) as described in the pfsense doc https://doc.pfsense.org/index.php/Connect_to_a_remote_PPTP_server_when_you_have_the_pfSense_PPTP_server_enabled, however I am unable to connect from two hosts on my lan. From the diagnostics Ping, I was able to ping the internet from my main wan IP and the additional virtual IP though!?


Thanks

TDJ211
Re: Connect to remote PPTP server , pfsense pptp server disabled
« Reply #1 on: July 20, 2016, 10:32:03 am »
I know this is old... but this is the most recent thread asking this question. I thought I would share how I was FINALLY able to connect to a remote PPTP VPN behind pfSense. It's actually quite simple. It's a Cisco VPN router, btw.

Create a firewall rule on both WAN and LAN to pass the GRE protocol. And that's it!!

cmb (Chris Buechler)
Re: Connect to remote PPTP server , pfsense pptp server disabled
« Reply #2 on: July 20, 2016, 02:32:56 pm »
> Create firewall rule on both WAN and LAN to pass the GRE protocol. And that's it!!

Only on LAN, the WAN rule isn't doing anything useful and should be removed.

TDJ211
Re: Connect to remote PPTP server , pfsense pptp server disabled
« Reply #3 on: July 20, 2016, 05:08:57 pm »
Ahhh ok, thanks for the clarification!

Soyokaze
Re: Connect to remote PPTP server , pfsense pptp server disabled
« Reply #4 on: July 20, 2016, 07:48:27 pm »
To be specific, in order to successfully connect to external (to your LAN and pfSense) PPTP servers, you should allow both GRE and TCP:1723 to pass.
So, in case you are a network-controlling maniac without proper knowledge (or just don't have the default 'allow ANY PROTO from LAN to ANY' rule for any reason), you should add two rules to your LAN interface:
Action: Pass, Protocol: TCP, Source: LAN net, Destination: any, Destination port range: PPTP (1723)
Action: Pass, Protocol: GRE, Source: LAN net, Destination: any
Need full pfSense in a cloud? PM for details!
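
Why both rules matter, as an added example that is not part of the thread: PPTP's control channel is TCP 1723, while the tunnelled data travels as GRE (IP protocol 47), which has no ports. The Python sketch below classifies two constructed packets and checks them against a simplified rule model; the rule dictionaries, helper names and the 203.0.113.10 server address are assumptions for illustration, not pfSense's own rule format.

```python
import socket
import struct

IP_PROTO = {6: "tcp", 47: "gre"}  # IP protocol numbers

# Constructed rule sets modelled on the two LAN pass rules in the post above.
# Anything a rule does not match is dropped (no allow-any rule on LAN).
RULES_BOTH = [{"proto": "tcp", "dport": 1723}, {"proto": "gre", "dport": None}]
RULES_TCP_ONLY = RULES_BOTH[:1]

def classify(packet: bytes):
    """Return (proto, dport, description) for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    proto, payload = IP_PROTO.get(packet[9], "other"), packet[ihl:]
    if proto == "tcp" and len(payload) >= 4:
        dport = struct.unpack("!H", payload[2:4])[0]
        return proto, dport, "PPTP control" if dport == 1723 else "other tcp"
    if proto == "gre" and len(payload) >= 8:
        flags_ver, ptype, _length, call_id = struct.unpack("!HHHH", payload[:8])
        # PPTP carries PPP in enhanced GRE: version 1, protocol type 0x880B
        if flags_ver & 0x7 == 1 and ptype == 0x880B:
            return proto, None, f"PPTP data, call id {call_id}"
        return proto, None, "other gre"
    return proto, None, "other"

def allowed(packet: bytes, rules) -> bool:
    """True if any pass rule matches; GRE has no ports, so dport is None."""
    proto, dport, _ = classify(packet)
    return any(r["proto"] == proto and r["dport"] in (None, dport) for r in rules)

def ipv4(proto_num: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0) from a LAN host."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto_num, 0, socket.inet_aton("192.168.3.5"),
                       socket.inet_aton("203.0.113.10")) + payload

# Constructed samples: a TCP SYN to port 1723 and one PPTP GRE data packet.
CONTROL = ipv4(6, struct.pack("!HHIIBBHHH", 49152, 1723, 0, 0, 5 << 4, 2, 65535, 0, 0))
DATA = ipv4(47, struct.pack("!HHHHI", 0x3001, 0x880B, 0, 7, 0))

if __name__ == "__main__":
    for name, rules in (("TCP 1723 only", RULES_TCP_ONLY), ("TCP 1723 + GRE", RULES_BOTH)):
        for pkt in (CONTROL, DATA):
            verdict = "pass" if allowed(pkt, rules) else "block"
            print(f"{name:15} {classify(pkt)[2]:22} {verdict}")
```

With only the TCP 1723 rule the control connection is accepted but the GRE data packet is dropped, which is the case where the client appears to connect and then fails during PPP negotiation.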