PFSense PPTP

[G-Stress]

Guys I am a bit stumped. It's been a lil over a year and a half so I am very rusty, but I finally got my lab/rack environment set back up and I just installed the latest version of PFSense. I have got OpenVPN working, but my iphone has a problem connecting. I'll figure that out.

My issue is I have also enabled pfsense to serve as a pptp vpn. Problem is I can connect just fine, but I have no internet access when connected. I want to tunnel my traffic over the vpn. I've down about a days worth of googling and seen all the posts about creating NAT or firewall rules, but none that really mention how to create the rule to give connecting clients access to the local lan and internet.

A link to a good post or any info is greatly appreciated.

As far as config:

PFSense is doing all the routing and running dhcp with a subnet of:

10.13.37.1/24

In the PPTP config I have the PPTP server set at 10.13.37.240 and the start address at 10.13.37.150 which is just outside of the address pool.

DNS is set to googles DNS servers. Another weird thing I noticed is once I have configured the PPTP VPN I can no longer even view that section via Chrome. I can just fine in IE.

[GuardMoony]

First of all make sure you set the option "Route all trafic over PPTP VPN" is set on your client.

2nd make sure you put the ip of the pfsense as default gateway. NOT the PPTP server ip

The best resource is still the pfsense forum

[barry99705]

I've started converting my clients away from pptp vpn, cause well, it's not secure, and they're failing PCI compliance scans with pptp. Go to ipsec, or openvpn.

https://sites.google.com/a/vorkbaard.nl/dekapitein/tech-1/how-to-set-up-ipsec-tunneling-in-pfsense-2-0-release-for-road-warriors

https://itunes.apple.com/app/openvpn-connect/id590379981

https://forums.openvpn.net/openvpn-connect-ios-f36.html

[G-Stress]

Thanks for the quick reply guys. 5 minutes after I posted this topic I got it working. The whole time I've been looking through the firewall options I never noticed there was a separate PPTP VPN tab at the top. I selected the PPTP VPN interface and allowed ipv4 and 6 and TCP/UDP and it worked after that.

I have OpenVPN working as well, but not remotely. I need a solution that will work with PC/MAC and iDevices and Droids. I'm having a problem with OpenVPN config on my iphone. I know I need to edit it somehow, just not sure how I'm gonna do it and get it back to the iphone the way the app is.

I will also setup IPSecVPN. I want to get real familiar with all VPN technologies.

[barry99705]

For ios devices, I've had to download the config to a desktop and sync it over with itunes.

[G-Stress]

I was thinking of something along those lines for iOS devices. Now from a security and reliability standpoint I'm wondering if IPSec, L2TP or OpenVPN would be best to use for daily use.

[barry99705]

ipsec or openvpn will be the most compatible, at least from my experience. I use openvpn for my wife's business, and ipsec at client sites. We use l2tp for static location to location vpn connections.

[GuardMoony]

Yeah, the best way is like barry99705 said. The most secure can be ipsec. ( if you add xauth and all that stuff )

[G-Stress]

Thanks for all the info guys. I got PPTP up and working just like I want and I just got IPSec working on my iphone, but I'm confused a bit. I can connect just fine and have internet access though when I goto ipchicken it shows the wan ip of my iphone using IPSec. When I do using PPTP it shows my home WAN address.

I would like to if possible be able to access all machines on my home network using IPSec and route all my traffic through that as well. I just searched on tunneling my traffic over IPSec and it is directing me to configure settings in the "outbound" section of the firewall. The scenario is between 2 office buildings.

I guess I'm a little confused on how my traffic is being routed securely if it doesn't appear to be tunneled being that it is showing my WAN address of my iphone vs my home WAN address.

[barry99705]

Check your configs. There should be a setting on the client side to route all traffic through the tunnel. As it is now, only traffic that needs your home network will go through the tunnel, everything else goes over the normal network.