Re: [pfSense Support] PPTP VPN question
On 12/9/2010 6:13 PM, David Miller wrote: > On 12/9/10 6:01 PM, Jim Pingle wrote: >> It's in the book. Page 291, section 14.10 PPTP Routing Tricks. > > Great reply and unbelievably quick too! Thanks Jim. > > 291/292 describe how to tell the pfsense box about routes the vpn client > has access to. No, 290/291 (at least in the print version I'm holding in my hands) are how you tell a client which routes are reachable over the PPTP VPN. Those directions don't tell the pfSense box anything. The instructions there are for a Windows box, but you could you make a script on the Mac to do the same thing. I'm not sure if the Mac PPTP client has a post-connect hook that could call a script like that or not. If it does then it would be easy to automate. (A basic Google search seems to indicate it can be done[1]) > I'm looking to automatically advertise selected subnets attached > (in)directly to the inside of the pfsense box. Right now it gives my > mac a second default route - I want the mac to pickup a route to only > 10.2.1.0/24 via ppp0. See my previous e-mail, that's exactly the question I answered. :-) There is no automatic way to advertise routes over PPTP to clients unless it can be done via RADIUS. (Which is unknown to me) Jim [1] http://hints.macworld.com/article.php?story=20060216061850917 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PPTP VPN question
On 12/9/10 6:01 PM, Jim Pingle wrote: On 12/9/2010 5:49 PM, David Miller wrote: How does one configure routes across a VPN connection? IE, I have a pfsense 2.0beta box with external address 1.2.3.4 connected to 10.2.1.0/24 on the inside. If the box gives out 172.30.40.50 as a VPN ppp0 address, how do I tell the client to route 10.2.1.0 traffic over the link? (VPN client gets 172.30.40.50)<-> [internet]<-> 1.2.3.4[pfsense box] <-> 10.2.1.0/24 Everything works fine if I do a route add on the client for network 10.2.1.0 via the ppp interface, but I'd like that to be automatic. If the book covers this in the VPN chapter I'm just not seeing it. AFAIK there is no way to make it automatic with PPTP in our GUI. You can assign yourself a static PPTP IP and then make a .cmd file to add the route if you want though. It's in the book. Page 291, section 14.10 PPTP Routing Tricks. Great reply and unbelievably quick too! Thanks Jim. 291/292 describe how to tell the pfsense box about routes the vpn client has access to. I'm looking to automatically advertise selected subnets attached (in)directly to the inside of the pfsense box. Right now it gives my mac a second default route - I want the mac to pickup a route to only 10.2.1.0/24 via ppp0. Doable? Thanks, --- David - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PPTP VPN question
On 12/9/2010 5:49 PM, David Miller wrote: > How does one configure routes across a VPN connection? > > IE, I have a pfsense 2.0beta box with external address 1.2.3.4 connected > to 10.2.1.0/24 on the inside. If the box gives out 172.30.40.50 as a > VPN ppp0 address, how do I tell the client to route 10.2.1.0 traffic > over the link? > > > > (VPN client gets 172.30.40.50) <-> [internet] <-> 1.2.3.4[pfsense box] > <-> 10.2.1.0/24 > > Everything works fine if I do a route add on the client for network > 10.2.1.0 via the ppp interface, but I'd like that to be automatic. If > the book covers this in the VPN chapter I'm just not seeing it. AFAIK there is no way to make it automatic with PPTP in our GUI. You can assign yourself a static PPTP IP and then make a .cmd file to add the route if you want though. It's in the book. Page 291, section 14.10 PPTP Routing Tricks. If you use RADIUS auth, you _might_ be able to pass back routes via RADIUS REPLYATTRs but I have never tried this before. Someone else may have better input on that aspect. IMHO everyone should really be using OpenVPN for complex (or any, to be honest) remote access VPN needs. You can make it do pretty much anything you want, especially in 2.0. Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] PPTP VPN question
How does one configure routes across a VPN connection? IE, I have a pfsense 2.0beta box with external address 1.2.3.4 connected to 10.2.1.0/24 on the inside. If the box gives out 172.30.40.50 as a VPN ppp0 address, how do I tell the client to route 10.2.1.0 traffic over the link? (VPN client gets 172.30.40.50) <-> [internet] <-> 1.2.3.4[pfsense box] <-> 10.2.1.0/24 Everything works fine if I do a route add on the client for network 10.2.1.0 via the ppp interface, but I'd like that to be automatic. If the book covers this in the VPN chapter I'm just not seeing it. TIA - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org