
 
Kevo
Frequent Visitor
Topic Author
Posts: 55
Joined: Wed Oct 12, 2011 1:38 am

PPTP Server issue: cannot access LAN after connection

Wed Oct 12, 2011 10:35 pm

I have successfully set up a PPTP server on my RB750GL and can connect to it. However, I cannot access any LAN devices and there doesn't seem to be any traffic going out from the RB750 to my PPTP client.

I basically turned on the PPTP server and set up a secret with username and password, using the default-encryption profile, and put in a local and remote address which are on my LAN subnet.

At this point I can connect, but nothing seems to make it back to my client. I can see that my pings are coming through the dynamic pptp interface on the 750, but nothing comes back. It looks like they may be going out the WAN interface instead.

I believe my default drop rule for the forward chain is killing the tunnel. I'm not sure how to properly fix this though. It seems that once the packet comes out of the tunnel it doesn't match against gre so my attempt at a forward rule fails.

Does someone know how to properly allow pptp traffic to get back out to the client?

Thanks.
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: PPTP Server issue: cannot access LAN after connection

Wed Oct 12, 2011 11:11 pm

If this isn't layer 2 then you'll need routes on both sides to the networks behind the PPTP tunnels.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
Kevo
Frequent Visitor
Topic Author
Posts: 55
Joined: Wed Oct 12, 2011 1:38 am

Re: PPTP Server issue: cannot access LAN after connection

Wed Oct 12, 2011 11:50 pm

I've definitely narrowed it down to the firewall rules. I have an input rule accepting tcp 1723 and that allows the PPTP connection in the first place, but I also have a series of forward rules allowing connection to internal servers on specific ports on my LAN segment and DMZ segment. That all works fine.

The problem is the only way I've figured to allow pptp traffic is to forward anything with a src address matching my VPN IP range. If I remove that rule things will quit working as they hit the bottom drop rule on the forward chain. I was thinking there might be a more elegant way of allowing VPN traffic through the firewall, but maybe this is the best way?
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: PPTP Server issue: cannot access LAN after connection

Thu Oct 13, 2011 12:54 am

PPTP consists of tcp/1723 for the control channel, and GRE (IP protocol 47) for the data channel.
 
poxx
newbie
Posts: 27
Joined: Sun Apr 18, 2010 12:16 pm

Re: PPTP Server issue: cannot access LAN after connection

Fri Oct 14, 2011 4:29 am

Don't forget to set up your interface for proxy-arp

Interfaces -> Ether2 ( your interface ) -> ARP : Proxy-arp
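
The pieces discussed in this thread, put together as an added example (not taken from any of the posts): the tunnel itself (tcp/1723 and GRE) is addressed to the router and is matched in the input chain, while the decapsulated client traffic is ordinary IP in the forward chain and is matched by its source address. The addresses, the use of ether2 as the LAN port, and the rule layout are assumptions.

```routeros
# Added example, not from the thread. Constructed values (assumptions):
#   LAN 192.168.88.0/24 on ether2
#   PPTP clients are handed addresses 192.168.88.200-192.168.88.210

/ip firewall filter

# The tunnel terminates on the router, so its packets traverse "input".
add chain=input protocol=tcp dst-port=1723 action=accept \
    comment="PPTP control channel"
add chain=input protocol=gre action=accept \
    comment="PPTP data channel (IP protocol 47)"

# Once decapsulated, a client's packet is plain IP (ICMP, TCP, ...) entering
# "forward" from the dynamic pptp interface. protocol=gre never matches here,
# so match the VPN address range and limit it to the LAN it should reach.
add chain=forward src-address=192.168.88.200-192.168.88.210 \
    dst-address=192.168.88.0/24 action=accept comment="VPN clients to LAN"

# Replies from LAN hosts back to the VPN clients.
add chain=forward connection-state=established action=accept
add chain=forward connection-state=related action=accept

# Everything else is dropped, as in the original poster's setup.
add chain=forward action=drop comment="default forward drop"

# The VPN addresses sit inside the LAN subnet, so LAN hosts ARP for them.
# Proxy ARP on the LAN port lets the router answer on the clients' behalf.
/interface ethernet set ether2 arp=proxy-arp
```

`add` appends to the end of the chain, so on a router that already has a forward drop rule the accept rules have to be moved above it.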
