Cant access router when connected via PPTP

jimp

What is the default gateway of that router?

You can probably work around that with an outbound NAT rule on the LAN side that translates traffic from the PPTP subnet going to that router's IP to the LAN interface address.

luke240778

Hey, the default gateway of that router is 192.168.10.1

I have tried putting a firewall rule in but that didnt work.. i will try what you have suggested with the outbound NAT rule, but am not sure how to do this, when i read the options, it all sounds like another language..

luke240778

Can someone please help with this.. i have no idea why this isnt workng and i cant seem to get it working

The router is on, and working..qhen i conect to my pfsense box via pptp i get 192.168.10.4 ip, my pfsense box is 192.168.10.1, which i can ping and connect to the gui, but the other wireless router is ip 192.168.10.2 (https) and i cant ping or connect to it.. it is the router running all my wisp clients, so is very important to be able to connect to it remotely.. Any ideas?

jimp

Do a packet capture on LAN and watch for your pings to leave LAN and see what happens. Odds are that it leaves but doesn't come back. If that's the case, then there may not be much you can do. Since your PPTP clients are already in your LAN subnet, it wouldn't be a routing issue like I said before. Are you sure nothing else on your network is using that .4 IP? What exactly are the settings on your LAN interface and the PPTP setup?

luke240778

I should add, that whilst connected via PPTP i am able to logon to my clients Antenna's WebGUI, which are for example 192.168.10.227

There isnt anything else using the .4 ip.  The settings pon my lan are Gateway 192.168.10.1 and DHCP 192.168.10.100-254

The PPTP settings are: server address = 192.168.10.3 and remote address range = 192.168.10.4

Whilst connected to the pfsense box via pptp, and i do a ping to the .2 address from the pfsense gui, it replies no problems..

Packet capture a little difficult to understand cause of all the traffic going through the lan at the moment dues to wireless clients

jimp

Filter the packet capture on the .4 IP then, should be easier to spot if you aren't doing anything else but hit the GUI of the firewall over PPTP.

luke240778

Sorry, i dont really understand how i can do that? my laptop gets .4 when i connect via PPTP, but if i run a ping from the webgui arent i running it from that machine, which is the .1 ip?

How do i capture packets from my laptop to .2?

jimp

On the pfSense gui, go to Diagnostics > Packet capture. Run a capture there, on LAN, filtered on .4.

Then ping the router from the PPTP-connected system, then stop the capture, and see what you got.

Don't ping from the firewall's GUI

luke240778

Ok thanks. I first pinged 192.168.10.1 and 10.235 as i know these i can access, then i did 10.2, which i believe shows nothing in the packet capture:

21:22:21.146768 IP 192.168.10.4 > 192.168.10.235: ICMP echo request, id 1, seq 31, length 40
21:22:24.712641 ARP, Request who-has 192.168.10.4 tell 192.168.10.235, length 46
21:22:24.712659 ARP, Reply 192.168.10.4 is-at c8:3a:35:d2:53:cf, length 28
21:22:25.683589 ARP, Request who-has 192.168.10.4 tell 192.168.10.235, length 46
21:22:25.683607 ARP, Reply 192.168.10.4 is-at c8:3a:35:d2:53:cf, length 28
21:22:25.841092 IP 192.168.10.4 > 192.168.10.235: ICMP echo request, id 1, seq 32, length 40
21:22:26.683659 ARP, Request who-has 192.168.10.4 tell 192.168.10.235, length 46
21:22:26.683677 ARP, Reply 192.168.10.4 is-at c8:3a:35:d2:53:cf, length 28
21:22:29.351288 IP 192.168.10.235 > 192.168.10.4: ICMP echo reply, id 1, seq 32, length 40
21:22:29.354802 IP 192.168.10.235 > 192.168.10.4: ICMP echo reply, id 1, seq 32, length 40
21:22:29.371934 IP 192.168.10.235 > 192.168.10.4: ICMP echo reply, id 1, seq 32, length 40
21:22:29.675635 IP 192.168.10.4 > 192.168.10.235: ICMP echo request, id 1, seq 33, length 40
21:22:31.450664 IP 192.168.10.235 > 192.168.10.4: ICMP echo reply, id 1, seq 33, length 40
21:22:31.818773 IP 192.168.10.4 > 192.168.10.235: ICMP echo request, id 1, seq 34, length 40
21:22:32.597950 IP 192.168.10.235 > 192.168.10.4: ICMP echo reply, id 1, seq 34, length 40

jimp

If you never see the ping for .2 in the capture, that means it never left LAN. Either it never left the laptop, or it was blocked/misrouted somewhere along the way. Double check your firewall rules for pptp, firewall logs, etc.

luke240778

when i tried to ping .2 it just "request timed out"

I have no idea how to setup firewall rules.. shouldnt it just work seeing i can access the other devices on the same subnet? the antennas for example.. they are all in Wireless ISP mode, they are basically routers also

jimp

That depends on your rules… For all we know, since you haven't said, there is a block rule on there or an incorrect rule to pass to it. Show a screenshot of your PPTP rules.

luke240778

Ok, here it is

jimp

That should be fine then. Though just for giggles, change the source to 'any' and see what happens.

luke240778

Definately would have been nice if it was that simple!! but unfortunately that didnt work.. :)

Should i change it back to PPTP or is any how it should be?

I have no idea why i cant get to this stupid router!  Its GUI is https, thats not an issue is it?

jimp

Only would be an issue if you can't access any other https items across the vpn, but a ping isn't going either.

Somehow you need to determine if it's ever leaving the laptop and even trying to go over pptp. Try a traceroute to it.

Metu69salemi

Is this .2 in the same lan, so it's for sure in correct switch.
is switch configs correct
is the switch port functioning at all, even those can break down

luke240778

Yes it is, and from within the office i can get to it, just cant when connected via PPTP from my home.

I also found out lastnight that i can't access it when i connect to another server via Teamviewer from home.. same problem.. all other devices with Webgui on the 192.168.10.0 subnet i can access.. just not this one in particular..