PPTP CAN'T CROSS THE IPSEC TUNNEL UNDER THE CARP MODE



  • My problem is that a PPTP client connected to the wall that uses CARP mode can't cross the IPsec VPN tunnel, but a PPTP client connected to the wall that doesn't use CARP mode can cross the IPsec VPN tunnel. So the 10.16.6.0/24 PPTP client can visit the 10.16.0.0/24 network, but the 10.16.5.0/24 PPTP client can't visit the 10.16.2.0/24 network in my case. The attachment is my network topology. I have 3 pfSense walls running pfSense 2.0-release. Two of these walls are working in CARP mode. The other is working in normal mode. I have implemented the IPsec VPN and the PPTP VPN between these walls. The PPTP VPN is working perfectly. The PPTP and IPsec rules are "any to any" on these walls. The IPsec VPN has one phase-1 and 3 tunnels in phase-2. They all use the AES 256 encryption algorithm. The two walls use the VIP to connect to the other wall. These 3 tunnels are all established and two tunnels work perfectly, but one tunnel doesn't work. On the side of the two walls, I use Manual Outbound NAT and I set a rule.

    
    Interface  Source        Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description
    WAN        10.16.0.0/24  *            *            *                 129.42.38.1  *         NO           Default NAT For Carp
    
    

    These are the 3 tunnels set up in phase-2 on the side of the two walls:

    
    Mode    Local Subnet  Remote Subnet  P2 Protocol  P2 Transforms   P2 Auth Methods  Status
    tunnel  LAN           10.16.2.0/24   ESP          AES (256 bits)  SHA1             Working
    tunnel  LAN           10.16.6.0/24   ESP          AES (256 bits)  SHA1             Working
    tunnel  10.16.5.0/24  10.16.2.0/24   ESP          AES (256 bits)  SHA1             (This Tunnel didn't work)
    
    

    These are the 3 tunnels set up in phase-2 on the other wall:

    
    Mode    Local Subnet  Remote Subnet  P2 Protocol  P2 Transforms   P2 Auth Methods  Status
    tunnel  LAN           10.16.0.0/24   ESP          AES (256 bits)  SHA1             Working
    tunnel  10.16.6.0/24  10.16.0.0/24   ESP          AES (256 bits)  SHA1             Working
    tunnel  LAN           10.16.5.0/24   ESP          AES (256 bits)  SHA1             Working
    
    

    I think that maybe I must set up Manual Outbound NAT for the PPTP client. But I don't know how to set it up for use with the IPsec VPN. How do I resolve this problem?



  • This might be my issue as well, I'm running a CARP setup with a pre-existing IPSec VPN and would need to connect to that using PPTP and then access resources across the IPSec VPN. Doesn't work for me either, never thought it might be CARP-related.

