[pfSense] routing issue

Thu, 05 Apr 2012 02:32:58 -0700 

Dear List Members,
I'm using pfsense as a pptp vpn server (version 2.0.1) at one of my customer and have a problem with static routing and gateways. We're using pptp to make LAN-to-LAN connections between various locations and the main office. I know that pptp is not the best method for this but the customer's routers are only supporting pptp vpn connections, so there is no other options, this is not my decision. 
Mainly the pptp is working, the problem is with the static routes.
The pfsense machine's network is 172.30.254.0/24, where the pfsense itself is the 172.30.254.254 and the pptp server side ip is 172.30.254.252 
The pptp clients getting their tunnel ip from 172.30.253.0/24
To make the LAN-to-LAN working I need to add the following gateway and static route: 
gateway 172.30.253.5
static route: 172.20.83.0/24 with gateway 172.30.253.5
The problem is that when I'm adding the gateway at System:Gateways at the Interface I have no option to choose pptp interface, only LAN and WAN. 
I think there should be an option here PPTP VPN like at the firewall.
When I try to save it I get the following error:

The following input errors were detected:

 * The gateway address 172.30.253.5 does not lie within the chosen
   interface's subnet.

And here comes the fun part:
If I'm adding the static route at the System: Static routes and I'm choosing the add a new gateway and I add the new gateway here then it works! The gateway addedd, static route added, routing table is fine and everything works like a charm!
The problem is that after reboot or after waiting 1 day it will lost these static routes (because the gateways are invalid as it thinks) so this "hack" not working. 
How this problem can be solved?
I think there should be an interface option PPTP VPN at System: Gateways like at the firewall.
At my other customer I'm using freebsd, mpd5 and quagga zebra for the same job with the same routing logic and it works like charm. Here we decided to use pfsense because of the easier configuration. 

Any ideas welcome,
Thank you in advance.

Best Regards:
Gabor Debreczeni-Kis

_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list

Reply via email to