Tuesday, February 23, 2010

pfsense PPTP VPN setup

Setting up a PPTP VPN server in pfSense is easy. Before doing this, you need to ask yourself a few questions.

  1. What is the external interface (public IP) on which users will terminate their PPTP connections?
  2. An address range (/28), preferably in your LAN, from which the remote systems will acquire their addresses.
Once these two issues are sorted, we can continue setting up the server.
  • Log into your pfSense gateway and click on VPN --> PPTP

  • Enable PPTP server, specify the external interface IP address or public address, and the remote address (a subnet of the LAN address) and SAVE.

    • To create PPTP users, click on the user tab, then click on the add user sign. Enter username and password and SAVE.

    •  PPTP will automatically create a rule allowing traffic to the interface.

    Configure PPTP client under Windows
    • Start --> Control Panel --> Network Connections
      File --> New Connection --> Next
      Connect to the network at my workplace --> Next
      Select VPN connection --> Next
      Enter descriptive name for connection --> Next
      Do not dial the initial connection --> Next
      Enter hostname or PUBLIC IP address of the PPTP server --> Next
      Note that in this example the IP here is RFC1918 private, however that’s only because in my lab environment the WAN IP is on a private segment.
      Select do not use smart card --> Next
      Click on Finish
      That is all that is required. Now, if you will be accessing resources on the VPN network that are not directly connected to the firewall itself, you will probably want to skip the next step (unchecking “use default gateway on remote network”).
      If you do skip it, then when you connect to the PPTP server your default gateway for ALL traffic will be via the PPTP VPN. With the current ruleset I’ve created in this example, this means that you will be unable to reach any resources outside the LAN or DMZ subnets.
      To remedy the situation, click on Properties
      Click on Networking --> Internet Protocol
      Properties --> Advanced
      Uncheck “use default gateway on remote network”
      Click OK, OK, OK
      Now enter your username and password (configured during the PPTP User Setup process)
      Click on Connect
      You should see Connecting --> Verifying username & password --> Authenticated
      Now right-click on the tray icon for the VPN connection --> Properties --> Details
      Ensure that the connection is using MS-CHAP v2 and MPPE 128
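
On Windows 8 or later, where the VpnClient PowerShell module exists, the same MS-CHAP v2 / MPPE 128 requirement and the default-gateway setting can be checked against the saved connection profile. This is an added example, not part of the original post; the profile names and the 203.0.113.10 address are constructed, and it checks what the client is configured to accept, while the Details tab above remains the check of what a live session negotiated.

```powershell
# Added example (not from the original post). The VpnClient module
# (Windows 8 / Server 2012 or later) is needed only for the live query at the end.
function Test-PptpProfile {
    param([Parameter(Mandatory, ValueFromPipeline)] $Connection)
    process {
        if ($Connection.TunnelType -ne 'Pptp') { return }
        $findings = @()

        # The profile should offer MS-CHAP v2 and nothing weaker (PAP, CHAP).
        $auth = @($Connection.AuthenticationMethod)
        if ($auth -notcontains 'MSChapv2' -or @($auth -ne 'MSChapv2').Count -gt 0) {
            $findings += "auth=$($auth -join ',') (want MSChapv2 only)"
        }

        # 'Maximum' is the client setting that insists on 128-bit MPPE.
        if ($Connection.EncryptionLevel -ne 'Maximum') {
            $findings += "encryption=$($Connection.EncryptionLevel) (want Maximum)"
        }

        [pscustomobject]@{
            Name           = $Connection.Name
            # True means "use default gateway on remote network" is unchecked
            SplitTunneling = $Connection.SplitTunneling
            Compliant      = ($findings.Count -eq 0)
            Findings       = $findings -join '; '
        }
    }
}

# Constructed sample profiles (hypothetical names, documentation address).
$samples = @(
    [pscustomobject]@{ Name = 'Office PPTP'; ServerAddress = '203.0.113.10'; TunnelType = 'Pptp'
        AuthenticationMethod = @('MSChapv2'); EncryptionLevel = 'Maximum'; SplitTunneling = $true }
    [pscustomobject]@{ Name = 'Old PPTP'; ServerAddress = '203.0.113.10'; TunnelType = 'Pptp'
        AuthenticationMethod = @('Chap', 'MSChapv2'); EncryptionLevel = 'Optional'; SplitTunneling = $false }
)
$samples | Test-PptpProfile | Format-Table -AutoSize

# Live check of the current user's profiles on this machine:
# Get-VpnConnection | Test-PptpProfile | Format-Table -AutoSize
```

With the constructed input, the first profile is reported as compliant and the second is flagged for both its authentication list and its encryption level.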
