Routing traffic between home machines and remote machines over pfSense PPTP VPN…

Tags: pfsense, pptp, routing, vpn

I'm having a bit of trouble routing my traffic through my VPN server. Basically I have a pfSense setup that works amazingly well for everything it's currently doing. However, now, I have need to set up a PPTP VPN. I've got the basic setup and login working fine. When I check my IP it says I'm on the remote network, etc. However, I can't seem to figure out how to properly route traffic to the internal network.

My current setup is as follows:

HOME SETUP
Trendnet Router:  192.168.1.1
1 MAC (192.168.1.101)
1 PC(192.168.1.148)

<——INTERNET——>

WORK SETUP
pfSense Firewall:  192.168.1.1
7 PC
3 Linux
all on 192.168.1.0 subnet

PFSENSE PPTP SETTINGS
Server Address: 192.168.2.1
Remote Address Range: 192.168.2.192/28
Require 128-bit Encryption:  True

As I said, I can connect to the PFSENSE VPN just fine and I'll receive an IP of 192.168.2.192 (or above). However, I need to figure out what kind of rules I need in order to route traffic to the machines on the 192.168.1.0 WORK subnet so that they show up in network neighborhood, etc. (and so that I can eventually VNC to them). I've added a rule to allow ALL traffic from the PPTP interface in, but I'm not sure where to go from here. Any assistance is most appreciated.

Best Answer

Your work and home networks are set up on the same subnet (192.168.1.0/24). You are going to need to switch one of them to another subnet; otherwise the machines will never be able to route out to the machines on the other network, as they think they are local.

If you still can't talk after you switch the subnet at one location, post back here and we can work with you from there.


To clarify a little on how VPN works based on your comment.

You don't assign the VPN clients to the same subnet as your office. They need to be on a unique subnet. For my example let's assume the following:

  • Home subnet is 192.168.1.0/24
  • Office subnet is 10.0.0.0/24
  • VPN subnet is 10.2.0.0/24

What a connection to the office would look like is this:

  • Home computer: NIC1: 192.168.1.50; vNIC1-VPN: 10.2.0.50
  • pfSense: PublicNIC: 1.1.1.1; PrivateNIC: 10.0.0.10; vNIC1-VPN: 10.2.0.1
  • office server: NIC1: 10.0.0.100

The vNICx-VPN NICs will be set up by your VPN client/server.

After the user has established a VPN connection to the office, the traffic flow will look like:

When the home computer connects to 10.0.0.100 it will:

  1. Look up the route in the routing table
  2. see a route that specifies the VPN adapter as the gateway
  3. The VPN Client subsystem will encapsulate the packets
  4. The machine will then send them over the public internet to the pfSense router.

Once the router gets a VPN encapsulated packet it:

  1. sends it to the VPN Daemon subsystem
  2. The VPN subsystem will decode the packet
  3. The host will look up the unencrypted destination
  4. The machine will then route it out the proper interface to be sent to the Server.

The response from the server will be sent to the pfSense router (since the subnet is not directly connected and the machine doesn't have any routes to that machine)

The pfSense router will:

  1. look up the Home computer VPN IP, as that is what the server will see the packet as coming from.
  2. The routing table will tell it to send it through the VPN virtual adapter.
  3. The packet will be sent to the VPN subsystem, encapsulated, and sent over the internet to the client machine.

Once at the client machine the VPN subsystem will decrypt the packet and send it up the networking stack to the application.

Wash, rinse, repeat.
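An added example, not part of the original answer, that reproduces steps 1 and 2 of the lookup described above with a small longest-prefix-match routing table: with the question's overlapping 192.168.1.0/24 subnets an office address is matched by the home LAN's on-link route and never reaches the VPN adapter, while with the answer's renumbered subnets it is sent via the pfSense tunnel address 10.2.0.1. The route tables, the interface names eth0/ppp0 and the metrics are constructed assumptions.

```python
import ipaddress

# Each route: (destination network, gateway or None for on-link, interface, metric).
# Tables are constructed to mirror the two scenarios in the answer; eth0/ppp0 and
# the metric values are assumptions, not taken from any real host.


def lookup(routes, dst):
    """Host-style route selection: longest prefix wins, lower metric breaks ties.

    Returns (gateway, interface) for the chosen route, or None if no route matches.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface, metric in routes:
        net = ipaddress.ip_network(net)
        if dst in net:
            key = (net.prefixlen, -metric)  # longer prefix, then lower metric
            if best is None or key > best[0]:
                best = (key, gw, iface)
    return None if best is None else (best[1], best[2])


# Scenario 1: the question's setup. Home LAN and office LAN are both 192.168.1.0/24.
# The PPTP client adds a route for the VPN pool only; the office LAN is shadowed by
# the on-link route of the home LAN, so office hosts are looked for on the home wire.
OVERLAPPING = [
    ("0.0.0.0/0",      "192.168.1.1", "eth0", 10),  # default via the home Trendnet router
    ("192.168.1.0/24", None,          "eth0", 10),  # home LAN, directly connected
    ("192.168.2.0/24", None,          "ppp0", 20),  # PPTP pool, reachable over the tunnel
]

# Scenario 2: the answer's renumbered example. The office LAN (10.0.0.0/24) now has its
# own route pointing at the pfSense end of the tunnel (10.2.0.1) on the VPN adapter.
RENUMBERED = [
    ("0.0.0.0/0",      "192.168.1.1", "eth0", 10),  # default via the home router
    ("192.168.1.0/24", None,          "eth0", 10),  # home LAN, directly connected
    ("10.2.0.0/24",    None,          "ppp0", 20),  # VPN subnet, directly connected
    ("10.0.0.0/24",    "10.2.0.1",    "ppp0", 20),  # office LAN via the pfSense VPN address
]


if __name__ == "__main__":
    # An office PC in the question's scheme is indistinguishable from a home PC.
    print("overlapping, office PC 192.168.1.50 ->", lookup(OVERLAPPING, "192.168.1.50"))
    # After renumbering the office server is reached through the tunnel.
    print("renumbered, office server 10.0.0.100 ->", lookup(RENUMBERED, "10.0.0.100"))
```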