Thanks Holger - I probably didn't express my question very well. How do network hosts on the LAN subnet know about the pptp virtual lan subnet - does the lan interface do proxy arp automatically or does it act as a gateway to the pptp virtual lan - i.e. I am trying to ping another host on the lan network from a pptp client that has connected to the pfsense - how does the remote lan host know where the pptp virtual lan is?
Craig -----Original Message----- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Tuesday, 4 July 2006 6:56 AM To: [email protected] Subject: RE: [pfSense Support] pptp lan address You don't need any rules at the pfSense for subnets that the pfSense directly sees at it's interfaces. You only might need routes at other gateways that are in the network so they find their way to the pptp users. Also if your pptp subnet is different from your pfSense LAN subnet the clients need "use default gateway of remote network" checked (default when configuring a pptp connection with windows clients). Holger > -----Original Message----- > From: Craig Silva [mailto:[EMAIL PROTECTED] > Sent: Monday, July 03, 2006 3:27 PM > To: [email protected] > Subject: RE: [pfSense Support] pptp lan address > > > Thanks for this - I now realize that I don't need to route > traffic from the > pptp clients to the lan - now I just need to understand how > to route traffic > to the server pptp address. > > i.e. to get to the pptp clients do I route to the pptp client > subnet through > the lan interface? (This doesn't seem to be working if that > is the case. > i.e. client subnet 192.168.58.16/28, lan interface > 192.168.0.5 so route add > 192.168.58.16/28 via 192.168.0.5 ???) > > Craig > > ________________________________________ > From: Holger Bauer [mailto:[EMAIL PROTECTED] > Sent: Sunday, 2 July 2006 11:13 PM > To: [email protected] > Subject: RE: [pfSense Support] pptp lan address > > You can have the pptp users in a seperate subnet but it won't > solve your > conflict as you then would still have the lan client in the > same subnet and > the remote destination you now have to route to still will > conflict. You > can't add a route to a remote subnet that is identical with your local > subnet. I guess you simply need to change your 192.168.0.0/24 > to something > more uncommon. > > Holger > -----Original Message----- > From: Craig Silva [mailto:[EMAIL PROTECTED] > Sent: Sunday, July 02, 2006 1:47 PM > To: [email protected] > Subject: [pfSense Support] pptp lan address > In the monowall docs on pptp it suggests that you can assign > a range of ip > addresses to the pptp clients that is not part of the lan ip > network range, > however if you do this that you can't route the address range > to the wan - > is there a way around this - i.e can you put this range into > the static > routes and add whatever rules are required? > > (Reason being - historically the lan address range I have inherited is > 192.168.0.0/24 which I know is going to conflict with every > 2nd xp client > user's home broadband home la nip address range.) > > TIA > > Craig > > > > ---------------------------------- > Craig Silva. IT Manager. > ABX Logistics, Australia. > http://www.abxlogistics.com.au > 9 Trade Park Dve. Tullamarine. Vic. 3043 > Tel: +61 3 9 335 8250, Mob: 0408408748 > email: [EMAIL PROTECTED] > > > ____________ > Virus checked by G DATA AntiVirusKit > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > ____________ Virus checked by G DATA AntiVirusKit --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
