--- On Fri, 12/3/10, David Miller <[email protected]> wrote:
> From: David Miller <[email protected]>
> Subject: Re: [pfSense Support] PPTP question
> To: [email protected]
> Date: Friday, December 3, 2010, 1:33 PM
>
> On 12/3/10 12:09 PM, Evgeny Yurchenko wrote:
> > On 10-12-03 10:43 AM, David Miller wrote:
> >> Hi All;
> >>
> >> I'm trying to bring up VPN access to an internal network via PPTP.
> >>
> >> On the firewall (pfSense 2.0 BETA1, built 4/18 2010) I enabled 8 PPTP
> >> users, set up a remote address of 172.30.0.64, used the WAN address for
> >> the server address, and configured a user.
> >>
> >> I went to firewall->rules->PPTP and added a rule to allow TCP
> >> connections from any source/port to any dest/port.
> >>
> >> On a Mac (Snow Leopard) I configured the PPTP client with the WAN
> >> address of the firewall as the server, entered the username & password.
> >> I hit connect and the Mac says it's connected fine. It's assigned an IP
> >> address (172.30.0.65)
> >>
> >> The Mac shows this:
> >>
> >> MacBook-Pro-2:~ root# ifconfig ppp0
> >> ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1444
> >>         inet 172.30.0.65 --> 24.39.39.202 netmask 0xffff0000
> >> MacBook-Pro-2:~ root#
> >>
> >> and this:
> >>
> >> MacBook-Pro-2:~ root# netstat -rn
> >> Routing tables
> >>
> >> Internet:
> >> Destination        Gateway            Flags     Refs    Use  Netif Expire
> >> default            10.0.1.1           UGSc        18     13    en1
> >> default            24.39.39.202       UGScI        0      0   ppp0
> >> 10.0.1/24          link#5             UCS          2      0    en1
> >> 10.0.1.1           0:23:df:d9:8a:93   UHLWI       16   1031    en1    456
> >> 10.0.1.198         127.0.0.1          UHS          0      0    lo0
> >> 10.0.1.255         ff:ff:ff:ff:ff:ff  UHLWbI       0      6    en1
> >> 24.39.39.202       10.0.1.1           UGHS       166    202    en1
> >> 127                127.0.0.1          UCS          0      0    lo0
> >> 127.0.0.1          127.0.0.1          UH           1  18114    lo0
> >> 169.254            link#5             UCS          0      0    en1
> >> 172.30             ppp0               USc          2      0   ppp0
> >>
> >> The problem is that I can't connect to anything else on the internal
> >> (172.30.0.0/24) network. So what step did I miss?
> >>
> >> This isn't exactly where I want to end up. I'd prefer to assign another
> >> network to PPTP clients (172.30.1.0) and route them to the internal
> >> network, but I'm taking one step at a time.
> >>
> >> TIA,
> >>
> >> --- David
> >>
> > Do tcpdump on LAN when pinging any LAN-connected device from your Mac.
> > Do you see packets?
> > Evgeny.
>
> Thanks Evgeny;
>
> When I run tcpdump on the host I'm trying to connect to I see unanswered
> ARP requests for the IP I'm trying to connect from.
>
> Is there a proxy ARP setting I need to turn on? I just tried allowing
> ICMP in addition to TCP/UDP from the PPTP interface to the internal
> network, but get the same ARP requests on the target box.
>
> Any hints for using a separate network for my VPN client?
>
> Thanks,
>
> --- David

I am a bit confused... Can you post your dump here? Plus ifconfig when a PPTP client is connected.
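
Added example, not part of the thread: a short Python check of the addressing David posted. It resolves which interface the Mac's routing table picks for an internal host, and whether a host on 172.30.0.0/24 treats the PPTP client address as on-link (and so ARPs for it, as his tcpdump shows). The short-form destination expansion and the skipping of interface-scoped (`I`) routes are simplifying assumptions that fit the rows in the post; the target address 172.30.0.10 used when trying it is constructed.

```python
import ipaddress

# Rows copied from the `netstat -rn` output in the post: (destination, flags, netif)
ROUTES = [
    ("default", "UGSc", "en1"),
    ("default", "UGScI", "ppp0"),
    ("10.0.1/24", "UCS", "en1"),
    ("10.0.1.1", "UHLWI", "en1"),
    ("10.0.1.198", "UHS", "lo0"),
    ("10.0.1.255", "UHLWbI", "en1"),
    ("24.39.39.202", "UGHS", "en1"),
    ("127", "UCS", "lo0"),
    ("127.0.0.1", "UH", "lo0"),
    ("169.254", "UCS", "en1"),
    ("172.30", "USc", "ppp0"),
]

def parse_dest(dest):
    """Expand a macOS netstat destination column into an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:
        # Assumption: without an explicit /len, one mask byte per octet shown
        # (172.30 -> /16, 127 -> /8, a full dotted quad -> /32 host route).
        plen = str(8 * len(octets))
    full = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{full}/{plen}")

def egress_interface(target):
    """Longest-prefix match; routes flagged 'I' (interface scope) are skipped
    because they only apply to traffic already bound to that interface."""
    ip = ipaddress.ip_address(target)
    best = None
    for dest, flags, netif in ROUTES:
        net = parse_dest(dest)
        if "I" in flags or ip not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, netif)
    return best[1] if best else None

def on_link_for_lan_host(client, lan="172.30.0.0/24"):
    """True when a host on `lan` sees `client` as a direct neighbour and will
    ARP for it instead of sending the reply to its gateway."""
    return ipaddress.ip_address(client) in ipaddress.ip_network(lan)
```

With the values from the post, `egress_interface("172.30.0.10")` returns `ppp0`, so the client side routes into the tunnel, while `on_link_for_lan_host("172.30.0.65")` is true and `on_link_for_lan_host("172.30.1.65")` (the separate client network David mentions) is false.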
