VPN and Windows client
-
Hi,
I'm trying to use pfSense to set up a VPN server for Windows clients. What are your suggestions to do it in an easy way for client users? I'd like them to use the built-in VPN client, if possible.
I've tried:
- PPTP: not reliable in pfSense since it doesn't work all of the time (I asked for help at pfSense's PPTP forum, but got no answer). Other users are suffering from this, both in pfSense and monowall.
- IPSec: pfSense doesn't seem to support L2TP, so Windows native client cannot be used. Or am I wrong?
- OpenVPN: Requires installation of a client, but I tried anyway: it works fine but traffic cannot be firewalled so basically I'm opening all IPs/ports in my LAN to client users (and you know that is dangerous when most machines on LAN are Windows). I want to have ONLY port 3389 (RDP) open, and only for some IPs on the LAN.
So none out of 3 options actually fits :( Any suggestions?
I also thought maybe I should try some other solution such as ZeroShell, which apparently supports IpSec/L2TP. Anyone tried that or some other solution?
Thanks in advance -
I think you're SOL (Straight Out of Luck) in that case.
You're going to have to go with a client install of something, either OpenVPN (and live with the fact that firewalling OpenVPN doesn't arrive until a future release) or a suitable Windows IPSec client that can work with the pfSense IPSec VPN implementation (racoon).
Now, in theory (see http://www.freebsddiary.org/ipsec-wireless-xp.php and http://ben.pfountz.com/notes/ipsec_unix_to_windows.html) you should be able to get Windows native client working with pfSense. Reading such threads as this suggests that you can't use pre-shared keys.
I'm sure there's more out there, but that's all I had time to dig up :)
-
I use pfSense PPTP server + Windows IAS (RADIUS server), plain Windows XP VPN client - it has worked perfectly since I installed PPTP (~5 months). I started with version 1.01, now upgraded to 1.2-RC2 - still works OK. So I think there is a problem with your configuration, not pfSense in this case.
The only thing that I cannot use (but need) with pfSense is EAP (pass-through to the RADIUS server).
Arnis -
@Cry Havok:
Thanks! I'll investigate further on the IPSec front :) I had a quick look and you're right: seems like it's possible to have it working with Windows native stuff, even though it seems to be hard to configure (I'm dealing with plain users who usually have problems just creating a PPTP connection). But worth looking at anyway :)
@arno:
I wish it was a problem in MY configuration, but I'm afraid it's not. I cannot tell for sure but to me it looks like there is a bug in pfSense's PPTP server. Have a look at the PPTP forum, you'll find lots of people with the same problem I'm having: random behaviour (now it works, now it doesn't) or simply Error 619. It happens to monowall users, too. I guess sometimes something is getting initialized to a wrong/random value. -
@Cry Havok:
Thanks! I'll investigate further on the IPSec front :) I had a quick look and you're right: seems like it's possible to have it working with Windows native stuff, even though it seems to be hard to configure (I'm dealing with plain users who usually have problems just creating a PPTP connection). But worth looking at anyway :)
Well, if you can configure it once you should (hah) be able to export the settings and import them to other hosts. I just found a Microsoft Knowledgebase article that may be relevant, and this article on annoyances.org. Then all they'll have to do is double click the file you give them :)
-
@dear arno:
You succeeded in using pfSense PPTP server + Windows IAS (RADIUS server), plain Windows XP VPN client - it has worked perfectly since installed. But I have a problem: PPTP server with RADIUS.
1. Enable PPTP server with local AAA: that's all OK!
2. Only change AAA from local to RADIUS server (such as evolynx RADIUS server): login succeeds and I get a subnet IP, it all seems OK, but then the problem comes: I cannot ping any IP, neither public IPs (such as DNS, gateway of WAN) nor the LAN IP of pfSense. (Tip: ping works when AAA is local; firewall permits any IP, any protocol.)
3. Return AAA to local: all becomes OK.
The only change is local or RADIUS server. Does pfSense have bugs working with a RADIUS server, or is my configuration wrong? I HAVE NO IDEA. WHAT'S WRONG? Can you help me?
Thanks
Yours, yasian
My email: yasian@163.com