• Is there a way I can enable PPTP and use the "virtual IP" (CARP IP) so that if the primary goes down the VPN will kick over to the secondary?

    Every time I try to use the CARP IP it says no connection found on the VPN, but if I specify the primary IP it connects…

  • I am using CARP + PPTP with success.

    All clients connect to the CARP address with success. When 1 server is down, or 2 servers are up, no problems found.

    You need to add 2 new rules: allow TCP from any to VIP/1723, and a GRE from any/any to VIP/any.

    Both on the WAN interface.

    PPTP rules get added by default, but not to VIP addresses, only the WAN address. Maybe this is a bug that needs fixing?



  • I'm not sure that it's really a bug, because how would pfSense know that the VIP is intended for use with PPTP?  Although I also had this same problem when I first set up a PPTP to listen on a VIP, so I agree that we should make it more prominent.  Maybe sticky it (not quite sure if it's that common of a problem), but I'll look into adding it somewhere on the wiki.

  • I think ideally the automatic firewall rule would be visible and/or editable, like NAT-created rules.

  • Is it really likely that you would want to set PPTP up on the IP of the machine, and not the VIP?

    I'm sure in pretty much every case if you set it up on a clustered machine it's going to be on the VIP, or else you lose access when the machines fail over.


