How to connect to a PPTP VPN behind another interface on the same pfSense box?



  • Hello –

    Our setup is as follows:  A re-purposed PC with 3 NIC cards all assigned to different interfaces (WAN, LAN, OPT), running a 2.0 RC version of pfSense.  Obviously the WAN interface connects to the internet via our cable modem, with which we have 5 static IPs that we can use.  The LAN interface is connected to our local wired network.

    On the local wired network resides our main server which handles email and also serves a PPTP VPN that users from the outside connect to in order to access local resources.  All the traffic from the LAN interface is assigned the public IP of x.x.x.1 when outgoing.

    The OPT interface is connected directly to a wireless router and is used to serve an internet connection to office guests, while keeping them segmented from our live network.  All traffic going out on this interface is given the public IP of x.x.x.2.

    The problem arises when someone wants to use the wireless connection to VPN into the PPTP server being hosted on the other interface.  Since they are using an IP of x.x.x.2 and trying to connect to a different one (x.x.x.1) just as they would if they were at home I assumed this would work no problem, but it does not.

    What do I need to do to keep this OPT interface segmented from the LAN one, but allow users to connect to the LAN and authenticate to the PPTP server as if they were coming in from the outside?

    Any help is greatly appreciated.



  • I presume you have added a firewall rule(s) on OPT1 to allow OPT1 to access the internet. Do you need to add a rule to allow OPT1 to access the PPTP server on the LAN?

    Do the VPN clients access the server by IP address or hostname?  If you are using DNS forwarder on pfSense it might help to add an "override" entry for the server host name so that internally (on your local network) the server name maps to a different IP address than it does externally (on the internet).


Log in to reply