RE: [pfSense-discussion] PPTP VPN on OPT1/WAN2
We tested this already pretty much in detail earlier and the answer is: no, pptp won't work at an OPT-WAN (unless you are coming directly from the OPT-WAN subnet with proper firewallrules). Looks like the PPTP server can't handle this situation correctly. Nothing that we can fix at our end. Holger -Original Message- From: Heath Henderson [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 18, 2006 6:23 AM To: discussion@pfsense.com Subject: Re: [pfSense-discussion] PPTP VPN on OPT1/WAN2 I am not certain I explained it correctly. The pfsense built in PPTP server answers correctly on the WAN address. But it doesn't answer at all on the WAN2 address, regardless of rules in the FW for that interface. I just wondered if it was a limitation of that PPTP server/setup. I am using a load balanced/failover setup and just wanted to make sure that was not an option if I have people asking me about it. Thanks -- Heath Henderson [EMAIL PROTECTED] 1800 288 7750 -- From: DarkFoon [EMAIL PROTECTED] Reply-To: discussion@pfsense.com Date: Tue, 17 Oct 2006 20:19:31 -0700 To: discussion@pfsense.com Subject: Re: [pfSense-discussion] PPTP VPN on OPT1/WAN2 Seems to me that with PPTP (and other protocols) if the source IP address of packets sent to the client differs from the IP the client sends packets to, the PPTP software discards (as it should) the packets because they could be coming from an untrusted third-party. - Original Message - From: Heath Henderson [EMAIL PROTECTED] To: discussion@pfsense.com Sent: Tuesday, October 17, 2006 7:51 PM Subject: [pfSense-discussion] PPTP VPN on OPT1/WAN2 Does anyone know if there is a limitation to the PPTP VPN connection to only connect via WAN connection and not vai OPT1 or WAN2? I have a successful server running and can connect via WAN but times out whenever I try and hit the WAN2/OPT1 connection with the same setup. I checked all of my rules and they are identical. Thanks -- Heath Henderson [EMAIL PROTECTED] 1800 288 7750 --
Re: [pfSense-discussion] PPTP VPN on OPT1/WAN2
You might need to think about routing your default route will probably be out via WAN so packets come in via WAN2 and then out via WAN. So unless you do any smarts you have some slightly weird routing, that might break other firewalls, or the PPTP software itself. SCOTT FARRELL IBM Certified Consultant m 0412 927 156 p 02 9411 3622 f 02 8214 6426 a IBM Building, The Atrium 601 Pacific Highway, St Leonards NSW 2065 w www.icconsulting.com.au Heath Henderson [EMAIL PROTECTED] 18/10/2006 12:51 PM Please respond to discussion@pfsense.com To discussion@pfsense.com cc Subject [pfSense-discussion] PPTP VPN on OPT1/WAN2 Does anyone know if there is a limitation to the PPTP VPN connection to only connect via WAN connection and not vai OPT1 or WAN2? I have a successful server running and can connect via WAN but times out whenever I try and hit the WAN2/OPT1 connection with the same setup. I checked all of my rules and they are identical. Thanks -- Heath Henderson [EMAIL PROTECTED] 1800 288 7750 --
RE: [pfSense-discussion] PPTP VPN on OPT1/WAN2
I have no issues connecting (for the most part) connecting via PPTP from WAN, LAN, or either of my OPT interfaces. -Original Message- From: Heath Henderson [mailto:[EMAIL PROTECTED] Sent: October 17, 2006 22:51 To: discussion@pfsense.com Subject: [pfSense-discussion] PPTP VPN on OPT1/WAN2 Does anyone know if there is a limitation to the PPTP VPN connection to only connect via WAN connection and not vai OPT1 or WAN2? I have a successful server running and can connect via WAN but times out whenever I try and hit the WAN2/OPT1 connection with the same setup. I checked all of my rules and they are identical. Thanks -- Heath Henderson [EMAIL PROTECTED] 1800 288 7750 --
Re: [pfSense-discussion] PPTP VPN on OPT1/WAN2
I am not certain I explained it correctly. The pfsense built in PPTP server answers correctly on the WAN address. But it doesn't answer at all on the WAN2 address, regardless of rules in the FW for that interface. I just wondered if it was a limitation of that PPTP server/setup. I am using a load balanced/failover setup and just wanted to make sure that was not an option if I have people asking me about it. Thanks -- Heath Henderson [EMAIL PROTECTED] 1800 288 7750 -- From: DarkFoon [EMAIL PROTECTED] Reply-To: discussion@pfsense.com Date: Tue, 17 Oct 2006 20:19:31 -0700 To: discussion@pfsense.com Subject: Re: [pfSense-discussion] PPTP VPN on OPT1/WAN2 Seems to me that with PPTP (and other protocols) if the source IP address of packets sent to the client differs from the IP the client sends packets to, the PPTP software discards (as it should) the packets because they could be coming from an untrusted third-party. - Original Message - From: Heath Henderson [EMAIL PROTECTED] To: discussion@pfsense.com Sent: Tuesday, October 17, 2006 7:51 PM Subject: [pfSense-discussion] PPTP VPN on OPT1/WAN2 Does anyone know if there is a limitation to the PPTP VPN connection to only connect via WAN connection and not vai OPT1 or WAN2? I have a successful server running and can connect via WAN but times out whenever I try and hit the WAN2/OPT1 connection with the same setup. I checked all of my rules and they are identical. Thanks -- Heath Henderson [EMAIL PROTECTED] 1800 288 7750 --
