Can't access router when connected via PPTP



  • Hey guys, I have a PPTP connection set up that I use to VPN in to my pfSense box from home. I also have a router on the same network; its IP is 192.168.10.2 and the pfSense box is 192.168.10.1.

    When connected via PPTP, I can connect via web browser to my pfSense box, but I can't connect to the router, which I can when in the office.

    Do I need some kind of firewall rule for this? If so, how would I do this?


  • Rebel Alliance Developer Netgate

    What is the default gateway of that router?

    You can probably work around that with an outbound NAT rule on the LAN side that translates traffic from the PPTP subnet going to that router's IP to the LAN interface address.



  • Hey, the default gateway of that router is 192.168.10.1.

    I have tried putting a firewall rule in but that didn't work. I will try what you have suggested with the outbound NAT rule, but I am not sure how to do this; when I read the options, it all sounds like another language.



  • Can someone please help with this? I have no idea why this isn't working and I can't seem to get it working.

    The router is on and working. When I connect to my pfSense box via PPTP I get a 192.168.10.4 IP; my pfSense box is 192.168.10.1, which I can ping and connect to the GUI, but the other wireless router is IP 192.168.10.2 (https) and I can't ping or connect to it. It is the router running all my WISP clients, so it is very important to be able to connect to it remotely. Any ideas?


  • Rebel Alliance Developer Netgate

    Do a packet capture on LAN and watch for your pings to leave LAN and see what happens. Odds are that it leaves but doesn't come back. If that's the case, then there may not be much you can do. Since your PPTP clients are already in your LAN subnet, it wouldn't be a routing issue like I said before. Are you sure nothing else on your network is using that .4 IP? What exactly are the settings on your LAN interface and the PPTP setup?



  • I should add that whilst connected via PPTP I am able to log on to my clients' antenna WebGUIs, which are for example 192.168.10.227.

    There isn't anything else using the .4 IP. The settings on my LAN are Gateway 192.168.10.1 and DHCP 192.168.10.100-254.

    The PPTP settings are: server address = 192.168.10.3 and remote address range = 192.168.10.4

    Whilst connected to the pfSense box via PPTP, if I do a ping to the .2 address from the pfSense GUI, it replies with no problems.

    The packet capture is a little difficult to understand because of all the traffic going through the LAN at the moment due to wireless clients.


  • Rebel Alliance Developer Netgate

    Filter the packet capture on the .4 IP then, should be easier to spot if you aren't doing anything else but hit the GUI of the firewall over PPTP.



  • Sorry, I don't really understand how I can do that. My laptop gets .4 when I connect via PPTP, but if I run a ping from the WebGUI, aren't I running it from that machine, which is the .1 IP?

    How do I capture packets from my laptop to .2?


  • Rebel Alliance Developer Netgate

    On the pfSense GUI, go to Diagnostics > Packet Capture. Run a capture there, on LAN, filtered on .4.

    Then ping the router from the PPTP-connected system, then stop the capture, and see what you got.

    Don't ping from the firewall's GUI.



  • OK, thanks. I first pinged 192.168.10.1 and 10.235 as I know I can access these, then I did 10.2, which I believe shows nothing in the packet capture:

    21:22:21.146768 IP 192.168.10.4 > 192.168.10.235: ICMP echo request, id 1, seq 31, length 40
    21:22:24.712641 ARP, Request who-has 192.168.10.4 tell 192.168.10.235, length 46
    21:22:24.712659 ARP, Reply 192.168.10.4 is-at c8:3a:35:d2:53:cf, length 28
    21:22:25.683589 ARP, Request who-has 192.168.10.4 tell 192.168.10.235, length 46
    21:22:25.683607 ARP, Reply 192.168.10.4 is-at c8:3a:35:d2:53:cf, length 28
    21:22:25.841092 IP 192.168.10.4 > 192.168.10.235: ICMP echo request, id 1, seq 32, length 40
    21:22:26.683659 ARP, Request who-has 192.168.10.4 tell 192.168.10.235, length 46
    21:22:26.683677 ARP, Reply 192.168.10.4 is-at c8:3a:35:d2:53:cf, length 28
    21:22:29.351288 IP 192.168.10.235 > 192.168.10.4: ICMP echo reply, id 1, seq 32, length 40
    21:22:29.354802 IP 192.168.10.235 > 192.168.10.4: ICMP echo reply, id 1, seq 32, length 40
    21:22:29.371934 IP 192.168.10.235 > 192.168.10.4: ICMP echo reply, id 1, seq 32, length 40
    21:22:29.675635 IP 192.168.10.4 > 192.168.10.235: ICMP echo request, id 1, seq 33, length 40
    21:22:31.450664 IP 192.168.10.235 > 192.168.10.4: ICMP echo reply, id 1, seq 33, length 40
    21:22:31.818773 IP 192.168.10.4 > 192.168.10.235: ICMP echo request, id 1, seq 34, length 40
    21:22:32.597950 IP 192.168.10.235 > 192.168.10.4: ICMP echo reply, id 1, seq 34, length 40


  • Rebel Alliance Developer Netgate

    If you never see the ping for .2 in the capture, that means it never left LAN. Either it never left the laptop, or it was blocked/misrouted somewhere along the way. Double check your firewall rules for pptp, firewall logs, etc.
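Added example, not part of the original thread: a small Python parser that applies the reasoning from the replies above (ping never seen on LAN versus ping leaving LAN without a reply) to tcpdump-style text such as the capture posted earlier. The function name `classify` is hypothetical, and the sample lines are a subset of the capture from this thread.

```python
import re
from collections import defaultdict

# Lines copied from the capture posted in this thread (tcpdump text output).
CAPTURE = """\
21:22:21.146768 IP 192.168.10.4 > 192.168.10.235: ICMP echo request, id 1, seq 31, length 40
21:22:24.712641 ARP, Request who-has 192.168.10.4 tell 192.168.10.235, length 46
21:22:25.841092 IP 192.168.10.4 > 192.168.10.235: ICMP echo request, id 1, seq 32, length 40
21:22:29.351288 IP 192.168.10.235 > 192.168.10.4: ICMP echo reply, id 1, seq 32, length 40
21:22:29.354802 IP 192.168.10.235 > 192.168.10.4: ICMP echo reply, id 1, seq 32, length 40
21:22:29.675635 IP 192.168.10.4 > 192.168.10.235: ICMP echo request, id 1, seq 33, length 40
21:22:31.450664 IP 192.168.10.235 > 192.168.10.4: ICMP echo reply, id 1, seq 33, length 40
"""

# Matches tcpdump's one-line ICMP echo summary; ARP and other lines are skipped.
ICMP_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def classify(capture_text, client, targets):
    """Return {target: (verdict, requests_seen, requests_answered)}."""
    requests, replies = defaultdict(set), defaultdict(set)
    for line in capture_text.splitlines():
        m = ICMP_RE.match(line.strip())
        if not m:
            continue
        key = (int(m["id"]), int(m["seq"]))  # duplicate replies collapse in the set
        if m["kind"] == "request" and m["src"] == client:
            requests[m["dst"]].add(key)
        elif m["kind"] == "reply" and m["dst"] == client:
            replies[m["src"]].add(key)
    report = {}
    for target in targets:
        sent = requests.get(target, set())
        answered = sent & replies.get(target, set())
        if not sent:
            verdict = "never seen on LAN"    # blocked or misrouted before LAN
        elif not answered:
            verdict = "left LAN, no reply"   # target did not answer the client
        else:
            verdict = "answered"
        report[target] = (verdict, len(sent), len(answered))
    return report

if __name__ == "__main__":
    for ip, row in classify(CAPTURE, "192.168.10.4",
                            ["192.168.10.235", "192.168.10.2"]).items():
        print(ip, *row)
```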



  • When I tried to ping .2 it just said "request timed out".

    I have no idea how to set up firewall rules. Shouldn't it just work, seeing I can access the other devices on the same subnet? The antennas, for example; they are all in Wireless ISP mode, they are basically routers also.


  • Rebel Alliance Developer Netgate

    That depends on your rules… For all we know, since you haven't said, there is a block rule on there or an incorrect rule to pass to it. Show a screenshot of your PPTP rules.



  • Ok, here it is



  • Rebel Alliance Developer Netgate

    That should be fine then. Though just for giggles, change the source to 'any' and see what happens.



  • Definitely would have been nice if it was that simple!! But unfortunately that didn't work.. :)

    Should I change it back to PPTP or is any how it should be?

    I have no idea why I can't get to this stupid router! Its GUI is https, that's not an issue is it?


  • Rebel Alliance Developer Netgate

    Only would be an issue if you can't access any other https items across the vpn, but a ping isn't going either.

    Somehow you need to determine if it's ever leaving the laptop and even trying to go over pptp. Try a traceroute to it.



  • Is this .2 in the same LAN, so it's for sure on the correct switch?
    Are the switch configs correct?
    Is the switch port functioning at all? Even those can break down.



  • Yes it is, and from within the office I can get to it; I just can't when connected via PPTP from my home.

    I also found out last night that I can't access it when I connect to another server via TeamViewer from home. Same problem: all other devices with a WebGUI on the 192.168.10.0 subnet I can access, just not this one in particular.

