RE: [pfSense Support] PPTP & Ipsec

[Wade Blackwell]

Ok Awesome,
        That is good information, thanks. So to clarify 

Lan subnet = 1.1.1.0/24
Pptp subnet = 1.1.1.0/28
Pptp server IP address = ?
Which clients use Pptp as gateway?

        Thanks a million.

        -W 


Wade Blackwell

"Integrity is often more painful and always more profitable than perception
management"

-----Original Message-----
From: Fractalyzor [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 29, 2008 5:17 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] PPTP & Ipsec

Scott Ullrich wrote:
> On 4/29/08, Wade Blackwell <[EMAIL PROTECTED]> wrote:
>   
>> Good morning PFsense fans,
>>         Greetings from the starting to get sunny Northwest. I am not 
>> sure if  what I am trying can be done or not. In concept I know it's 
>> possible but  I am not seeing the desired results where the rubber meets
the road.
>>  Basic setup is this;
>>
>>         Network A
>>         1.1.1.1/24
>>           |
>>           |
>>           |
>>  I-net----PF---PPTP clients 3.3.3.3/28
>>           |
>>           |
>>           |
>>       IPsec tunnel to 2.2.2.0/24
>>
>>  Goal: To have PPTP clients connect in and connect to the PF and then  
>> have access to 2.2.2.0/24 over the IPsec tunnel. The tricky part (I 
>> am
>>  assuming) is that for the tunnel to come up the PPTP clients to 
>> bring  the IPsec tunnel up they need to be sourced from 1.1.1.0/24. 
>> What I did,  attempting to make this work, was to setup the advanced 
>> outbound NAT  allowing all PPTP clients destined for 2.2.2.0/24 to be 
>> natted with the  interface IP of network A. I am running 1.2-RC2 if that
has any bearing.
>>  If anyone has tried this or has some insight I would be stoked. 
>> Thanks  all.
>>  --
>>  Wade B
>>     
>
>  Make sure a static route exists on 2.2.2.0/24 to point back to
> 1.1.1.0./24 if I am reading this correctly.  I have not tried this, so 
> YMMV.
>
> Scott
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional 
> commands, e-mail: [EMAIL PROTECTED]
>
>
>   
Hi

I've got a similar setup, a pfsense with ipsec tunnel to a different site.
What I did was to setup the pptp clients to use the same ip adresses in the
same adress space as the range lan of the pfsense.
and setup the ipsec to use the lan subnet..
Only thing is to to have the clients use the pptp server as the gateway, and
it works like a charm.

My machine is actual virtual, with only one network card(wan), and left the
lan as default adapter, just changed the subnet, and setup the pptp
server...does the trick though.

/F



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
commands, e-mail: [EMAIL PROTECTED]

smime.p7s
Description: S/MIME cryptographic signature