G-Stress Posted March 27, 2014

Guys, I am a bit stumped. It's been a lil over a year and a half so I am very rusty, but I finally got my lab/rack environment set back up and I just installed the latest version of pfSense. I have got OpenVPN working, but my iPhone has a problem connecting. I'll figure that out.

My issue is I have also enabled pfSense to serve as a PPTP VPN. Problem is I can connect just fine, but I have no internet access when connected. I want to tunnel my traffic over the VPN. I've done about a day's worth of googling and seen all the posts about creating NAT or firewall rules, but none that really mention how to create the rule to give connecting clients access to the local LAN and internet. A link to a good post or any info is greatly appreciated.

As far as config: pfSense is doing all the routing and running DHCP with a subnet of: 10.13.37.1/24

In the PPTP config I have the PPTP server set at 10.13.37.240 and the start address at 10.13.37.150, which is just outside of the address pool. DNS is set to Google's DNS servers.

Another weird thing I noticed is once I have configured the PPTP VPN I can no longer even view that section via Chrome. I can just fine in IE.
GuardMoony Posted March 27, 2014

First of all, make sure the option "Route all traffic over PPTP VPN" is set on your client.

Second, make sure you put the IP of the pfSense as default gateway, NOT the PPTP server IP.

The best resource is still the pfSense forum.
barry99705 Posted March 28, 2014

I've started converting my clients away from PPTP VPN, 'cause, well, it's not secure, and they're failing PCI compliance scans with PPTP. Go to IPsec or OpenVPN.

https://sites.google.com/a/vorkbaard.nl/dekapitein/tech-1/how-to-set-up-ipsec-tunneling-in-pfsense-2-0-release-for-road-warriors
https://itunes.apple.com/app/openvpn-connect/id590379981
https://forums.openvpn.net/openvpn-connect-ios-f36.html
G-Stress Posted March 29, 2014

Thanks for the quick reply, guys. 5 minutes after I posted this topic I got it working. The whole time I've been looking through the firewall options I never noticed there was a separate PPTP VPN tab at the top. I selected the PPTP VPN interface and allowed IPv4 and 6 and TCP/UDP and it worked after that.

I have OpenVPN working as well, but not remotely. I need a solution that will work with PC/Mac and iDevices and Droids. I'm having a problem with OpenVPN config on my iPhone. I know I need to edit it somehow, just not sure how I'm gonna do it and get it back to the iPhone the way the app is.

I will also set up IPSec VPN. I want to get real familiar with all VPN technologies.
barry99705 Posted March 31, 2014

For iOS devices, I've had to download the config to a desktop and sync it over with iTunes.
G-Stress Posted April 1, 2014

I was thinking of something along those lines for iOS devices. Now, from a security and reliability standpoint, I'm wondering if IPSec, L2TP or OpenVPN would be best to use for daily use.
barry99705 Posted April 1, 2014

IPsec or OpenVPN will be the most compatible, at least from my experience. I use OpenVPN for my wife's business, and IPsec at client sites. We use L2TP for static location-to-location VPN connections.
GuardMoony Posted April 2, 2014

Yeah, the best way is like barry99705 said. The most secure can be IPsec (if you add xauth and all that stuff).
G-Stress Posted April 14, 2014

Thanks for all the info, guys. I got PPTP up and working just like I want and I just got IPSec working on my iPhone, but I'm confused a bit. I can connect just fine and have internet access, though when I go to ipchicken it shows the WAN IP of my iPhone using IPSec. When I do using PPTP, it shows my home WAN address.

I would like to, if possible, be able to access all machines on my home network using IPSec and route all my traffic through that as well. I just searched on tunneling my traffic over IPSec and it is directing me to configure settings in the "outbound" section of the firewall. The scenario is between 2 office buildings.

I guess I'm a little confused on how my traffic is being routed securely if it doesn't appear to be tunneled, being that it is showing the WAN address of my iPhone vs. my home WAN address.
barry99705 Posted April 14, 2014

Check your configs. There should be a setting on the client side to route all traffic through the tunnel. As it is now, only traffic that needs your home network will go through the tunnel, everything else goes over the normal network.
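
The split-tunnel behaviour described in the last reply, as an added example that is not part of the original thread: a longest-prefix-match lookup over two constructed client routing tables shows why an IP-check site sees the phone's own WAN address until the default route points into the tunnel. The interface names, the gateway address 203.0.113.10 and the public test address are assumptions; only the 10.13.37.0/24 home LAN comes from the thread.

```python
import ipaddress

# Constructed client routing tables; interface names are illustrative.
# 10.13.37.0/24 is the home LAN from the thread, 203.0.113.10 is a
# placeholder for the home WAN address where the VPN gateway listens.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "cellular"),        # default route stays on the carrier network
    ("10.13.37.0/24", "ipsec0"),      # only the home LAN goes into the tunnel
]
FULL_TUNNEL = [
    ("0.0.0.0/0", "ipsec0"),          # default route points into the tunnel
    ("203.0.113.10/32", "cellular"),  # host route so the encrypted packets can leave
    ("10.13.37.0/24", "ipsec0"),
]

# Constructed destinations: a home LAN host and a public site standing in
# for an "what is my IP" service.
SAMPLE_DESTINATIONS = ["10.13.37.20", "198.51.100.7"]


def egress_interface(routes, destination):
    """Return the interface picked by longest-prefix match, or None."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def leaks_outside_tunnel(routes, destinations, tunnel_iface="ipsec0",
                         gateway="203.0.113.10"):
    """List destinations whose traffic bypasses the tunnel.

    The gateway itself is skipped: its traffic must use the physical link.
    """
    return [d for d in destinations
            if d != gateway and egress_interface(routes, d) != tunnel_iface]


if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        for dst in SAMPLE_DESTINATIONS:
            print(f"{name:5} {dst:15} -> {egress_interface(table, dst)}")
        print(f"{name:5} bypassing tunnel: {leaks_outside_tunnel(table, SAMPLE_DESTINATIONS)}")
```
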