Re: [pfSense-discussion] Problems to use PPTP/GRE traffic to connect in a server - Please advice.

2007-11-19 Thread Bill Marquette
I'm not sure, based on your email, if the pfSense box is in front of
the PPTP server or not.  If it is, then go to the VPN menu, select
PPTP, on Configuration tab, select Redirect incoming PPTP
connections to: radio button and fill in the text box (PPTP
redirection) with the IP address of your internal PPTP server.
Remove the rules you created too, btw :)

--Bill

On Nov 19, 2007 7:07 AM, Luciano Areal [EMAIL PROTECTED] wrote:

 Good morning, folks!

 Here in my company, we have this network scenario:

 Our network has one internal VPN server, based on a Windows 2003 Enterprise,
 using PPTP and GRE protocol. We have several workers who eventually need to
 connect in our network, to get some data and disconnect. Sometimes, they
 need to work in our network from home, airport, etc., just like in a
 roadwarrior way. Following:

 -------------      ---------      ----------      -------------
 |PPTP SERVER| ---- |GATEWAY| ---- |INTERNET| ---- |ROADWARRIOR|
 -------------      ---------      ----------      -------------
 192.168.0.0 /24    200.*.*.* /28 (ISP IP)         *.*.*.* (any IP)

 I did a basic installation of pfSense firewall solution on a machine here,
 and set up all needed ports for our basic NAT (webserver, e-mail, etc.).
 Here follows the part mentioned for PPTP:

 Firewall: NAT: Port Forward Options

 If    Proto   Ext. port range   NAT IP         Int. port range   Description
 WAN   TCP     1723              192.168.0.14   1723              Allow PPTP (TCP 1723)
 WAN   GRE                       192.168.0.14                     Allow GRE (Protocol 47)

 These rules were also inserted on Firewall: Rules (WAN section)

 Proto   Source        Port   Destination    Port   Gateway   Description
 TCP     WAN address   1723   192.168.0.14   1723   *         Allow PPTP (TCP 1723)
 GRE     WAN address   *      192.168.0.14   *      *         Allow GRE (Protocol 47)

 Then, I tried to connect from home to my server, putting its WAN IP on my
 VPN connection, but when I try to connect, nothing happens.

 Am I doing anything wrong here? Did I forget any point here? I tried to get
 some info on pfSense mail discussion archives, but didn't find anything
 similar to my problem. :-(

 Is there anything that I still need to do in order to free up traffic of
 PPTP and GRE protocols, from my box to the internal server? If anyone here
 has passed through this issue, please light up my path. ;-)

 Best regards,

 Luciano Pereira Areal
 Network Administrator
 E-mail: [EMAIL PROTECTED]
 Mobile #1: +55 21 8176-7376
 Mobile #2: +55 21 8169-3362
 Nextel ID: 55*8*64731
 Skype: luciano_areal

 Bizvox Voice Services
 Avenida Nilo Peçanha, 50 Grupo 1516 - Centro
 CEP: 20020-906
 Rio de Janeiro - RJ - Brasil
 Phone: +55 21 2212-1650
 Fax: +55 21 2212-1675
 Website: http://www.bizvox.com.br/










RES: [pfSense-discussion] Problems to use PPTP/GRE traffic to connect in a server - Please advice.

2007-11-19 Thread Luciano Areal
Hi Bill!

The pfSense box is in front of the PPTP server. In other ways, it will act
as the main gateway, and the PPTP server will be on the LAN. Clients will
access it from WAN, passing through the pfSense box.

I just did what you said. Removed all rules from NAT and firewall using
PPTP/GRE, and activated that option (Redirect incoming PPTP connections
to:). I also installed Frickin PPTP proxy package on system, and did a bind
of this software on WAN port.

I'll test it as soon as I arrive at home, and hope it will work correctly.

Regards,

Luciano Areal


 I'm not sure, based on your email, if the pfSense box is in front of
 the PPTP server or not.  If it is, then go to the VPN menu, select
 PPTP, on Configuration tab, select Redirect incoming PPTP
 connections to: radio button and fill in the text box (PPTP
 redirection) with the IP address of your internal PPTP server.
 Remove the rules you created too, btw :)

 --Bill










Re: RES: [pfSense-discussion] Problems to use PPTP/GRE traffic to connect in a server - Please advice.

2007-11-19 Thread Chris Buechler

Luciano Areal wrote:

Hi Bill!

The pfSense box is in front of the PPTP server. In other ways, it will act
as the main gateway, and the PPTP server will be on the LAN. Clients will
access it from WAN, passing through the pfSense box.

I just did what you said. Removed all rules from NAT and firewall using
PPTP/GRE, and activated that option (Redirect incoming PPTP connections
to:). I also installed Frickin PPTP proxy package on system, and did a bind
of this software on WAN port.
  


Last I checked, the Frickin package is broken. Haven't had a chance to 
verify more recently, but I'm almost positive it isn't going to work. It 
won't break anything, it just isn't going to do anything. You likely 
don't need that when running a server accepting inbound connections 
anyway, that's more for multiple outbound sessions to the same external 
server.





Re: [pfSense-discussion] Problems to use PPTP/GRE traffic to connect in a server - Please advice.

2007-11-19 Thread Bill Marquette
That's a standalone setting.  You don't want the frickin' package
(which as Chris mentioned, may be broken anyway) if you use this
setting.

--Bill

On Nov 19, 2007 12:06 PM, Luciano Areal [EMAIL PROTECTED] wrote:
 Hi Bill!

 The pfSense box is in front of the PPTP server. In other ways, it will act
 as the main gateway, and the PPTP server will be on the LAN. Clients will
 access it from WAN, passing through the pfSense box.

 I just did what you said. Removed all rules from NAT and firewall using
 PPTP/GRE, and activated that option (Redirect incoming PPTP connections
 to:). I also installed Frickin PPTP proxy package on system, and did a bind
 of this software on WAN port.

 I'll test it as soon as I arrive at home, and hope it will work correctly.

 Regards,

 Luciano Areal


  I'm not sure, based on your email, if the pfSense box is in front of
  the PPTP server or not.  If it is, then go to the VPN menu, select
  PPTP, on Configuration tab, select Redirect incoming PPTP
  connections to: radio button and fill in the text box (PPTP
  redirection) with the IP address of your internal PPTP server.
  Remove the rules you created too, btw :)
 
  --Bill
 










Re: [pfSense-discussion] multiwan ftp proxy

2007-11-19 Thread Bill Marquette
Assuming I ftp at home (don't recall the last time I intentionally did
that!) then ftp works just fine via the primary wan as Chris mentions.
 I think I did have to create a rule for traffic destined to 127.0.0.1
to use the default gateway instead of a load balance pool.  Don't
recall if that's still needed or not but it's still in my ruleset:
 *   LAN net   *   127.0.0.1   *   *   Use routing table for loopback traffic

--Bill

On Nov 19, 2007 11:53 AM, Chris Buechler [EMAIL PROTECTED] wrote:
 Robert Schwartz wrote:
  On 19 Nov 2007 13:25:31 -, Scott Ullrich [EMAIL PROTECTED] wrote:
 
 
   What is the current status ?
 
  No work has been done on this as of since.   Unfortunately it is not
  high on my list so if someone else wants to pick it up and finish up
  from where Bill and I left off, please do so.
 
 
 
  Hi - Is there /any/ kind of work around for getting FTP working
  through a multiwan PFSense setup? Even if it means forcing all FTP
  traffic out 1 Wan interface with no fail over or load balancing?

 FTP works fine out the primary WAN, just not out any OPT WANs.




Re: [pfSense-discussion] multiwan ftp proxy

2007-11-19 Thread Scott Ullrich
On Nov 19, 2007 1:50 PM, Bill Marquette [EMAIL PROTECTED] wrote:
 Assuming I ftp at home (don't recall the last time I intentionally did
 that!) then ftp works just fine via the primary wan as Chris mentions.
  I think I did have to create a rule for traffic destined to 127.0.0.1
 to use the default gateway instead of a load balance pool.  Don't
 recall if that's still needed or not but it's still in my ruleset:
  *   LAN net   *   127.0.0.1   *   *   Use routing table for loopback traffic

1.3 now creates these hidden rules so for 1.2 you still need to permit
the traffic without a gateway assigned.  This is covered in
http://devwiki.pfsense.org/FTPTroubleShooting

Scott