OPNsense Forum
English Forums => General Discussion => Topic started by: ddrazovic on December 29, 2017, 11:38:50 pm
-
Hello guys!
I didn't try OPNsense jet, but I'm thinking about migration from our current solution - pfSense --> OPNsense, but I want to know does OPNsense have same problem for LAN users and their connections to external PPTP VPN's to other client?
Now we have problem - when more than one user need to connect to any external PPTP VPN server - no one else cannot make a new PPTP connection to any other PPTP server....and we have 20 users who need to connect everywhere over PPTP VPN servers of our clients.
I found here description of problems: https://doc.pfsense.org/index.php/PPTP_Troubleshooting
"pf does not have any capabilities of tracking more than one GRE connection per public IP per external host. That is, if the entire internal network gets NAT applied using the same public WAN IP, only one internal machine can connect to a given external GRE source. For PPTP, this means only one PC can connect to a given outside PPTP server at a time. "
...and because I don't have any other public IP - I'm trying to found other solutions...and first choice is OPNsense - but if same problem exists, then... :'( :-\
Just to be clear - this is only one critical problem which I found until now with pfSense :)
...and yes, I know about security problems of PPTP - but I cannot force external clients to switch to OpenVPN/IPsec/Other...
-
As I read it that's a pf limitation, not a pfsense one. Since OPNsense uses pf as well (because that's the packet filter BSD has) it should have the same problem.
But different users should be able to connect to different PPTP servers, no? As I read it the limitation is only relevant if two users want to connect to the same PPTP server.
I'm guessing IPv6 is not an option for you?
-
Thanks for reply ChrisH.
No, I don't have possibility to add new IPv4 or IPv6, one public IP is only what I have.
Well, I didn't try with 2 users on different PPTP, but I will.