PPTP CAN'T CROSS THE IPSEC TUNNEL UNDER THE CARP MODE
-
My problem is that a PPTP client connected to the wall that uses CARP mode can't cross the IPsec VPN tunnel, but a PPTP client connected to the wall that does not use CARP mode can cross the IPsec VPN tunnel. So the 10.16.6.0/24 PPTP client can visit the 10.16.0.0/24 network, but the 10.16.5.0/24 PPTP client can't visit the 10.16.2.0/24 network in my case. The attachment is my network topology.

I have 3 pfSense walls with pfSense 2.0-release. Two of these walls are working in CARP mode. The other is working in normal mode. I have implemented the IPsec VPN and the PPTP VPN between these walls. The PPTP VPN is working perfectly. The PPTP and IPsec rules are "any to any" on these walls. The IPsec VPN has one phase 1 and 3 tunnels in phase 2. They all use the AES 256 encryption algorithm. The two walls use the VIP to connect to the other wall. These 3 tunnels are all established and two tunnels work perfectly, but one tunnel doesn't work.

On the side of the two walls, I use Manual Outbound NAT and I have set a rule:

| Interface | Source | Source Port | Destination | Destination Port | NAT Address | NAT Port | Static Port | Description |
|---|---|---|---|---|---|---|---|---|
| WAN | 10.16.0.0/24 | * | * | * | 129.42.38.1 | * | NO | Default NAT For Carp |

These are the 3 tunnels set up in phase 2 on the side of the two walls:

| Mode | Local Subnet | Remote Subnet | P2 Protocol | P2 Transforms | P2 Auth Methods | Status |
|---|---|---|---|---|---|---|
| tunnel | LAN | 10.16.2.0/24 | ESP | AES (256 bits) | SHA1 | Working |
| tunnel | LAN | 10.16.6.0/24 | ESP | AES (256 bits) | SHA1 | Working |
| tunnel | 10.16.5.0/24 | 10.16.2.0/24 | ESP | AES (256 bits) | SHA1 | (This Tunnel didn't work) |

These are the 3 tunnels set up in phase 2 on the other wall:

| Mode | Local Subnet | Remote Subnet | P2 Protocol | P2 Transforms | P2 Auth Methods | Status |
|---|---|---|---|---|---|---|
| tunnel | LAN | 10.16.0.0/24 | ESP | AES (256 bits) | SHA1 | Working |
| tunnel | 10.16.6.0/24 | 10.16.0.0/24 | ESP | AES (256 bits) | SHA1 | Working |
| tunnel | LAN | 10.16.5.0/24 | ESP | AES (256 bits) | SHA1 | Working |

I think that maybe I must set up Manual Outbound NAT for the PPTP client. But I don't know how to set it up for use with the IPsec VPN. How do I resolve this problem?
-
This might be my issue as well, I'm running a CARP setup with a pre-existing IPSec VPN and would need to connect to that using PPTP and then access resources across the IPSec VPN. Doesn't work for me either, never thought it might be CARP-related.
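
An added example, not part of either post: a first check for a setup like the one in the thread is whether the phase-2 selectors on the two sides mirror each other and cover the PPTP client traffic. The side labels `carp` and `single` are hypothetical names, and the two LAN subnets are assumptions inferred from the opposite side's "Remote Subnet" column.

```python
from ipaddress import ip_address, ip_network

# Assumption: LAN subnets inferred from the peer's "Remote Subnet" column.
LAN = {"carp": ip_network("10.16.0.0/24"), "single": ip_network("10.16.2.0/24")}

# Phase-2 entries as (local, remote), copied from the tables in the post.
PHASE2 = {
    "carp": [("LAN", "10.16.2.0/24"),
             ("LAN", "10.16.6.0/24"),
             ("10.16.5.0/24", "10.16.2.0/24")],
    "single": [("LAN", "10.16.0.0/24"),
               ("10.16.6.0/24", "10.16.0.0/24"),
               ("LAN", "10.16.5.0/24")],
}


def selectors(side):
    """Resolve the 'LAN' alias and return the side's (local, remote) networks."""
    def net(value):
        return LAN[side] if value == "LAN" else ip_network(value)
    return [(net(local), net(remote)) for local, remote in PHASE2[side]]


def unmirrored(side_a, side_b):
    """Entries on side_a that have no (remote, local) counterpart on side_b."""
    peer = set(selectors(side_b))
    return [(l, r) for l, r in selectors(side_a) if (r, l) not in peer]


def matching_entry(side, src, dst):
    """First phase-2 entry on `side` whose selectors cover a src -> dst packet."""
    s, d = ip_address(src), ip_address(dst)
    for local, remote in selectors(side):
        if s in local and d in remote:
            return str(local), str(remote)
    return None


if __name__ == "__main__":
    print("unmirrored on carp side:", unmirrored("carp", "single"))
    print("unmirrored on single side:", unmirrored("single", "carp"))
    # Constructed sample addresses inside the PPTP client and LAN ranges.
    print("carp PPTP client -> remote LAN:",
          matching_entry("carp", "10.16.5.10", "10.16.2.20"))
    print("single PPTP client -> remote LAN:",
          matching_entry("single", "10.16.6.10", "10.16.0.20"))
```

A clean result here only rules out a selector mismatch between the two phase-2 tables.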