NAT Reflection with PPTP VPN

  • Is there any trick to get NAT reflection working when logging in via my PPTP VPN? It works while connected locally but I can't resolve my sites public IP when logged into the VPN.

  • Why would you want reflection on PPTP coming from internal?  Either way this will not work.

  • I'm using host headers on my webserver, so when I'm logged into my vpn I can't pull up my sites.  I also have a virtual IPs setup for the public address of my webserver.  If I plug directly into the local network I can access the public IP's without a problem as long as NAT reflection is not disabled.  Is there anyway to setup PPTP so I can access the real public address when logged in?


  • If you are using Windows to connect to the VPN, set your PPTP connection to NOT use the 'default gateway' of the vpn site you are connecting to.  To change the setting, do the following:

    -Go to Network Connections
    -Right click on the VPN icon for the given site and click on Properties
    -Click on the 4th tab up top called 'Networking'
    -Highlight 'Internet Protocol (TCP/IP)' and click on Properties
    -Click on the 'Advanced' button
    -Uncheck the box called 'Use default gateway on remote network'

    Hit OK to all the screens and then connect back to your vpn.  You should notice that you'll now be able to resolve to your site's hosted services using the public ip address of that give site.  The benefit you get of not using the default gateway on the vpn is that you won't be using up the vpn site's bandwidth when browsing on the Internet, thus making it faster.  The only downside to this is in case you route multiple subnets in your vpn, thus to which you won't be able to follow their routes.

    Personally, I disable the 'default gateway' option about 99% of the time I connect to vpn sites for the given reasons above.  Give it a shot and let us know.

    Good luck! :)

  • I personally have the same problem and I do understand the uncheck VPN default gateway option on the client.
    However there are employees not capable of doing this
    there are peoples that simply would prefer to connect and browse their site from VPN without unchecking that option in pptp VPN, …

    Bottom line is it should be pretty simple to add to the code an option to allow proxy arp on the pptp interface.

    Is there a way to do it ?