2 way PPTP VPN

lblokland · Aug 10, 2009, 5:07 PM

Hi,

maybe this is a double post, but I couldn't find a good answer so here comes the question..

I've a 1.235 setup with 2 NIC's (LAN+WAN)

I need to create a setup in which I am able to make VPN connections using PPTP to servers on the internet, and simultaniously make PPTP connetions from remote machines to a PPTP server on the LAN.
Just tried to use manual port forwards, and also the option on the PPTP tab to select a private server…but all options fail.

In one setup I can connect tot the inbound server, but am not able to make outbound connections, in the other setup I can create outbound connections, but cannot connect from the internet to my private server..

Can anyone tell me if this is possible with pfsense, and if yes, point me in the right direction?

Cheers,

Leon

Briantist · Aug 10, 2009, 7:49 PM

This is a known problem. Take a look at the frickin package. Personally I was never able to make frickin work. If you have more than one static WAN IP you can do what I did:

WAN Interface is assigned: 1.2.3.77/29 (I have 5 static IPs)
I used proxy arp to also listen on 1.2.3.78. I used AON to have my LAN using .78 as the NAT IP for connections. Incoming PPTP connections go to .77 so they don't conflict at all. You will still have a problem with this method if you need to make more than one outgoing PPTP connection (to different servers) so it may be best to see if you can get frickin working.

cmb · Aug 11, 2009, 5:36 AM

There is info on the limitations and work arounds here:
http://doc.pfsense.org/index.php/What_are_the_limitations_of_PPTP_in_pfSense%3F

the Frickin package doesn't work, Fricken doesn't seem to work at all, no idea why.

lblokland · Aug 19, 2009, 7:18 PM

Allright…I understand M0n0 and PFsense are not able (at the moment) to achieve this goal.
But how about a combo of outgoing pptp connections (from LAN to WAN) and incoming L2TP connections (from WAN to server in LAN).

Can anyone let me know if this is possible?

And, to make things complete, is it (in addition) also possible to create simultaniously with the outgoing pptp and incoming l2tp some site-to-site l2tp connections?
(so it's triple way vpn i guess)

Thanks

Leon

rpsmith · Aug 20, 2009, 1:49 AM

give m0n0wall 1.3b18 a try. I think it will solve most if not all of your PPTP problems.

rpsmith…

cmb · Aug 21, 2009, 2:44 AM

@rpsmith:

give m0n0wall 1.3b18 a try. I think it will solve most if not all of your PPTP problems.

No it won't, it's no different from previous versions. If Manuel gets the ipnat GRE changes in for 1.3b19 and they work, it will, but they aren't there yet.

We hope to have similar NAT changes for PF in 2.0.

rpsmith · Aug 21, 2009, 2:58 AM

I'm currently using m0n0wall and having no PPTP problems. The only limitation that I'm aware of is multiple outgoing connections to the same IP. what exactly are you having problems with?

rpsmith…

cmb · Aug 21, 2009, 7:18 AM

@rpsmith:

I'm currently using m0n0wall and having no PPTP problems. The only limitation that I'm aware of is multiple outgoing connections to the same IP.

That's what I thought this thread was referring to.

The second issue, not being able to connect outbound on the same public IP in use by a PPTP server, isn't an issue in ipnat/m0n0wall.

lblokland · Aug 22, 2009, 6:15 AM

Exactly. This topic is about the gre limitation. And ofcourse possible solutions.
As there is no solution right now, m setting up IPSec for my inbound client because won't be limited by gre.

Anyways I hope this gre issue is to be solved asap

cheers,
Leon