I'm not sure, based on your email, if the pfSense box is in front of
the PPTP server or not. If it is, then go to the VPN menu, select
PPTP, on Configuration tab, select Redirect incoming PPTP
connections to: radio button and fill in the text box (PPTP
redirection) with the IP address of your internal PPTP server.
Remove the rules you created too, btw :)
--Bill
On Nov 19, 2007 7:07 AM, Luciano Areal [EMAIL PROTECTED] wrote:
Good morning, folks!
Here in my company, we have this network scenario:
Our network has one internal VPN server, based on a Windows 2003 Enterprise,
using PPTP and GRE protocol. We have several workers who eventually need to
connect in our network, to get some data and disconnect. Sometimes, they
need to work in our network from home, airport, etc., just like in a
roadwarrior way. Following:
+-----------+     +-------+     +--------+     +-----------+
|PPTP SERVER| --- |GATEWAY| --- |INTERNET| --- |ROADWARRIOR|
+-----------+     +-------+     +--------+     +-----------+
192.168.0.0 /24   200.*.*.* /28 (ISP IP)       *.*.*.* (any IP)
I did a basic installation of pfSense firewall solution on a machine here,
and set up all needed ports for our basic NAT (webserver, e-mail, etc.).
Here follows the part mentioned for PPTP:
Firewall: NAT: Port Forward Options

If   Proto  Ext. port range  NAT IP        Int. port range  Description
WAN  TCP    1723             192.168.0.14  1723             Allow PPTP (TCP 1723)
WAN  GRE                     192.168.0.14                   Allow GRE (Protocol 47)

These rules were also inserted on Firewall: Rules (WAN section)

Proto  Source       Port  Destination   Port  Gateway  Description
TCP    WAN address  1723  192.168.0.14  1723  *        Allow PPTP (TCP 1723)
GRE    WAN address  *     192.168.0.14  *     *        Allow GRE (Protocol 47)

Then, I tried to connect from home to my server, putting its WAN IP on my
VPN connection, but when I try to connect, nothing happens.
Am I doing anything wrong here? Did I forget any point here? I tried to get
some info on pfSense mail discussion archives, but didn't find anything
similar to my problem. :-(
Is there anything that I still need to do in order to free up traffic of
PPTP and GRE protocols, from my box to the internal server? If anyone here
has passed through this issue, please light up my path. ;-)
Best regards,
Luciano Pereira Areal
Network Administrator
E-mail: [EMAIL PROTECTED]
Mobile #1: +55 21 8176-7376
Mobile #2: +55 21 8169-3362
Nextel ID: 55*8*64731
Skype: luciano_areal
Bizvox Voice Services
Avenida Nilo Peçanha, 50 Grupo 1516 - Centro
CEP: 20020-906
Rio de Janeiro - RJ - Brasil
Phone: +55 21 2212-1650
Fax: +55 21 2212-1675
Website: http://www.bizvox.com.br/