Ok Awesome, That is good information, thanks. So to clarify Lan subnet = 1.1.1.0/24 Pptp subnet = 1.1.1.0/28 Pptp server IP address = ? Which clients use Pptp as gateway?
Thanks a million. -W Wade Blackwell "Integrity is often more painful and always more profitable than perception management" -----Original Message----- From: Fractalyzor [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 5:17 PM To: support@pfsense.com Subject: Re: [pfSense Support] PPTP & Ipsec Scott Ullrich wrote: > On 4/29/08, Wade Blackwell <[EMAIL PROTECTED]> wrote: > >> Good morning PFsense fans, >> Greetings from the starting to get sunny Northwest. I am not >> sure if what I am trying can be done or not. In concept I know it's >> possible but I am not seeing the desired results where the rubber meets the road. >> Basic setup is this; >> >> Network A >> 1.1.1.1/24 >> | >> | >> | >> I-net----PF---PPTP clients 3.3.3.3/28 >> | >> | >> | >> IPsec tunnel to 2.2.2.0/24 >> >> Goal: To have PPTP clients connect in and connect to the PF and then >> have access to 2.2.2.0/24 over the IPsec tunnel. The tricky part (I >> am >> assuming) is that for the tunnel to come up the PPTP clients to >> bring the IPsec tunnel up they need to be sourced from 1.1.1.0/24. >> What I did, attempting to make this work, was to setup the advanced >> outbound NAT allowing all PPTP clients destined for 2.2.2.0/24 to be >> natted with the interface IP of network A. I am running 1.2-RC2 if that has any bearing. >> If anyone has tried this or has some insight I would be stoked. >> Thanks all. >> -- >> Wade B >> > > Make sure a static route exists on 2.2.2.0/24 to point back to > 1.1.1.0./24 if I am reading this correctly. I have not tried this, so > YMMV. > > Scott > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] For additional > commands, e-mail: [EMAIL PROTECTED] > > > Hi I've got a similar setup, a pfsense with ipsec tunnel to a different site. What I did was to setup the pptp clients to use the same ip adresses in the same adress space as the range lan of the pfsense. and setup the ipsec to use the lan subnet.. Only thing is to to have the clients use the pptp server as the gateway, and it works like a charm. My machine is actual virtual, with only one network card(wan), and left the lan as default adapter, just changed the subnet, and setup the pptp server...does the trick though. /F --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
smime.p7s
Description: S/MIME cryptographic signature