PPTP and CARP

UnderCover · Jan 31, 2008, 2:17 PM

is there a way I can enable PPTP and use the "virtual IP" (carp IP) so that if the primary goes down the vpn will kick over to the secondary?

everytime i try to use the carp ip it syas no connection found on the VPN but if I specify the primary ip it connects…

UnderCover · Feb 1, 2008, 9:44 PM

sorry to bump but any suggestions?

dhipo · Feb 9, 2008, 2:52 PM

i am using with success CARP + Pptp

all clients connect to CARP address with sucess.. when 1 server are down, or 2 servers up, no problems found.

maybe i can help you on this

ben.suffolk · Feb 9, 2008, 10:50 PM

Hi,

You need to add 2 new rules, allow TCP from any to VIP/1723 , and a GRE from any/any to VIP/any

Both on the WAN interface.

PPTP rules get added by default, but not to VIP addresses, only the WAN address, maybe this is a bug that needs fixing?

Regards

Ben

UnderCover · Feb 21, 2008, 3:26 PM

thx this did the job

aaron · Feb 22, 2008, 2:24 PM

I'm not sure that it's really a bug, because how would pfSense know that the VIP is intended for use with PPTP? Although I also had this same problem when I first set up a PPTP to listen on a VIP, so I agree that we should make it more prominent. Maybe sticky it (not quite sure if it's that common of a problem), but I'll look into adding it somewhere on the wiki.

BenHead · Mar 10, 2008, 7:09 PM

I think ideally the automatic firewall rule would be visible and/or editable, like NAT-created rules.

ben.suffolk · Mar 10, 2008, 8:14 PM

Is it really likely would you want to set PPTP up on the IP of the machine, and not the VIP?

I'm sure in pretty much every case if you set it up on a clustered machine its going to be on the VIP, or else you loose access when the machines failover.

Ben