OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: Monocle on January 14, 2019, 05:57:43 am
-
Hello,
I know some of you might laugh at me for this, but I need help or a guide on how to host a PPTP server on OPNsense 18.7.10-amd64. I've scoured google for a while but can only find some answers but not a complete step by step guide.
Ideally I would use it to access my NAS running off a WRT1900AC running DD-WRT which is on top of my OPNsense box.
Thanks, and sorry if this seems like a noobish question.
-
Hi!
1. Find the PPTP plugin in System: Firmware: Plugins and install it.
2. Configure it so that the server address is the LAN address of OPNsense, and the start of the interval to be used by the PPTP client(s) (just to keep things as simple as possible - otherwise you can choose other subnet than LAN). The length of the interval is given by the "No. PPTP users" option.
3. Create a NAT Rule with an associated FW rule that translates port 1723 from WAN to LAN (public IP to private IP of OPNsense).
4. In FW, on the PPTP interface, create the necessary outbound rules to allow traffic from PPTP clients to LAN... If needed, same thing on LAN interface, to allow outbound traffic to PPTP (by default it's not required, LAN is already allowed everywhere right from scratch - the initial wizard running).
Hope it helps.
A good day to you!
-
Alrighty, so I set up the PPTP Server to spec, and when I get to the PPTP firewall rule I do not have an option to specify a port. Destination Port Range is disabled and I can not interact with it. Refer to the screenshot attached.
Thanks
edit: i have no idea what i'm doing
-
You don't need to!
You'll have to have 3 rules:
1. NAT rule on WAN interface: Source: ANY/ any (IP ADDRESS/ port), Destination: WAN ADD/ pptp(1723), NAT: LAN ADD/ pptp(1723) (enable "Filter Rule Association")
2. FW rule (associated): see above, automatically created by the system if you check to enable "Filter Rule Association" option in NAT rule.
3. FW rule on PPTP interface: Source: PPTP NET/ any, Destination: LAN NET/ any. This limits PPTP clients to LAN access, no internet. Case you want to allow LAN and internet access, change Destination: LAN NET/ any to ANY/any.
It should work.
-
I'm still having no luck unfortunately. I've attached several screenshots with my current configurations including the PPTP raw logs
https://imgur.com/a/bjPMaAe
-
Anyone?
-
Sorry, nope!... :(
-
Anyone?
I'm sure GRE 47 also needs to open for PPTP connections. Unfortunately i haven't setup PPTP connections in years and not on OPENSENSE. I can fire up a VM to see how it works but i have a question, is there a specific reason you are using PPTP vs say OPENVPN or another modern alternative ?
-
Hi everybody. I'm here trying to make it work too.
I tried just as @hutiucip said and I can't get it to work.
I tried before with a local pptp server. Port Forwarding works, the local server sees the incoming connection, but i can't figure out why it doesn't allow me to connect.
If i try to connect from inside the LAN it works flawlessly, but when I go outside and try to connect from my mobile phone through 3g, the server shows as if I was connected, it even shows my 3g IP address, but shortly after, the connection is lost.
Here you can see more details.
https://forum.opnsense.org/index.php?topic=12061.0 (https://forum.opnsense.org/index.php?topic=12061.0)