Author Topic: PPTP - Access remote LAN only, not Internet through it too  (Read 2525 times)

Offline Javik

PPTP - Access remote LAN only, not Internet through it too
« on: February 08, 2015, 02:54:31 pm »
How do I set up a PPTP connection so that when connected to the VPN, access is provided only to the remote LAN but not also the Internet as well?

The remote business LAN is using a 172.16.0.0/16 private range
Let's pretend the business WAN IP is 44.44.44.44
The home computer is using 192.168.1.1/24 and 192.168.10.1/24

When I set up the PPTP link, I don't really know what to put into the two boxes, so I just pick some random new networks for both of them that don't overlap anything else.

Server address: 192.168.197.1
Remote address range: 192.168.196.1

Set up Windows VPN connection to it, and... it works!



Except it starts routing all Internet traffic through the VPN too, which I don't want.

Okay, so I see I need to go into the VPN properties for IPv4 and IPv6 advanced settings, and uncheck "Use the remote gateway".

That stops the Internet traffic but now I can't reach anything on the business LAN 172.16.0.0/16 either.


I tried setting the VPN remote address to an unused address within 172.16.0.0/16  ... (172.16.200.1), but that doesn't work because the VPN mask for that address is 255.255.255.255 and I can't figure out how to change the mask.

How is this done?

Offline Javik

Re: PPTP - Access remote LAN only, not Internet through it too
« Reply #1 on: February 08, 2015, 06:12:12 pm »
Woo! I figured it out.

I just need to add a custom route to my remote Windows:

Quote
Elevated (UAC) command prompt:
C:\Windows\system32>route -p add 172.16.0.0 MASK 255.255.0.0 192.168.196.1
 OK!

-p makes it persistent so the route doesn't go away when the VPN closes or the system (Windows 7) reboots.

Offline almabes

Re: PPTP - Access remote LAN only, not Internet through it too
« Reply #2 on: April 24, 2015, 12:22:15 pm »
There's a checkbox buried on the VPN connection. Uncheck "Use default gateway on remote network". 

Bring up the VPN Connection Properties and select the Networking tab.
Select IPv4 and click Properties...
Click Advanced...

This can break things if your PPTP IP is not on the same subnet as the remote LAN so YMMV.
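
Added example, not part of any post in this thread: a small longest-prefix-match model of the client's routing table, showing why unchecking the remote-gateway box alone leaves 172.16.0.0/16 unreachable and why the static route from Reply #1 restores it without sending Internet traffic over the VPN. The prefixes come from the thread; the interface labels, metrics, the home default route and the two test destinations are assumptions made for illustration.

```python
import ipaddress

VPN, HOME = "pptp", "home-lan"  # interface labels (hypothetical names)

def base_routes(use_remote_gateway):
    """Simplified client table; metrics are assumed, prefixes are the thread's."""
    routes = [
        ("0.0.0.0/0", HOME, 20),         # home router default route (assumed)
        ("192.168.1.0/24", HOME, 10),    # home LANs from the first post
        ("192.168.10.0/24", HOME, 10),
        ("192.168.196.1/32", VPN, 10),   # PPP address, mask 255.255.255.255
    ]
    if use_remote_gateway:
        # Checkbox ticked: VPN default route with a better (lower) metric.
        routes.append(("0.0.0.0/0", VPN, 5))
    return routes

def with_lan_route(routes):
    """Model of: route -p add 172.16.0.0 MASK 255.255.0.0 192.168.196.1"""
    return routes + [("172.16.0.0/16", VPN, 10)]

def lookup(routes, dest):
    """Return the interface chosen by longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), iface, metric)
               for p, iface, metric in routes
               if addr in ipaddress.ip_network(p)]
    net, iface, _ = max(matches, key=lambda m: (m[0].prefixlen, -m[2]))
    return iface

if __name__ == "__main__":
    cases = {
        "full tunnel (box checked)": base_routes(True),
        "box unchecked, no route": base_routes(False),
        "box unchecked + static route": with_lan_route(base_routes(False)),
    }
    # Constructed destinations: a business LAN host and an Internet host.
    for name, table in cases.items():
        print(f"{name:30} 172.16.5.10 -> {lookup(table, '172.16.5.10'):8} "
              f"203.0.113.7 -> {lookup(table, '203.0.113.7')}")
```

On a real client, `route print` shows the actual table to compare against this model.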


Offline Aomeonbaby

Re: PPTP - Access remote LAN only, not Internet through it too
« Reply #3 on: February 16, 2016, 10:09:47 pm »
This issue has just happened to me yesterday. I preferred to