Ubuntu – Bridge PPTP VPN with local network

bridgepptpdUbuntuvpn

I have configured on my Ubuntu a VPN server using PPTPD. I can connect to it from outside of my LAN, I can use it's internet connection. But I cannot see my LAN clients (because the VPN and the LAN are on different networks).

This is my configuration:
– PPTP VPN: 10.99.99.0/24, localip: 10.99.99.99
– LAN: 192.168.1.0/24

Is it possible somehow to create a bridge between my LAN and the PPTP VPN? So that I can access the clients from the LAN also. If so, how can I do that?
As I understood the PPTP VPN must be configured on a different network than the LAN.

Best Answer

It is possible to configure PPTP VPN to use same subnet the LAN uses. I used it with such configuration. Or, you can add firewall rules to allow traffic between the two different subnets like following:

Src=192.168.4.0/24, Dst=192.168.1.0/24 srcport=ANY, dstport=ANY ALLOW
Src=192.168.1.0/24, Dst=192.168.4.0/24 srcport=ANY, dstport=ANY ALLOW

By the way, beware that PPTP is compromised protocol; consider PPTP as unencrypted protocol.

Related Solutions

Ubuntu VPN Server (PPTPD) Configuration – Pass Traffic to Internet

Have you done setup of nat on your ubuntu box?

Here is example how to do it using iptables hope it will help you

#!/bin/sh

# iptables executable lives here
IPTABLES='/usr/sbin/iptables'
# renaming of our interfaces for better usability
# externail interface 
EXTIF='eth0'
# internal interface
INTIF='ppp0'
# flushing all of our rules
$IPTABLES -F
$IPTABLES -X
# switching on NAT 
# 192.168.1.0/24 - is an internal network behind our linux box
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -o $EXTIF -j MASQUERADE
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT

# optional tuning
# allow ssh connections to linux box
$IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT
# allow connections to http server on linux box
$IPTABLES -A INPUT --protocol tcp --dport 80 -j ACCEPT
# deny all other connections
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,INVALID -j DROP
$IPTABLES -A FORWARD -i $EXTIF -m state --state NEW,INVALID -j DROP

# port forwarding
# vnc
iptables -A PREROUTING -t nat -i $EXTIF -p tcp --dport 5900 -j DNAT --to 192.168.1.116:5900
iptables -A INPUT -p tcp -m state --state NEW --dport 5900 -i $EXTIF -j ACCEPT
# samba
iptables -A PREROUTING -t nat -i $EXTIF -p tcp --dport 139 -j DNAT --to 192.168.1.116:139
iptables -A INPUT -p tcp -m state --state NEW --dport 139 -i $EXTIF -j ACCEPT
iptables -A PREROUTING -t nat -i $EXTIF -p tcp --dport 445 -j DNAT --to 192.168.1.116:445
iptables -A INPUT -p tcp -m state --state NEW --dport 445 -i $EXTIF -j ACCEPT

Ubuntu – Can’t reach hosts in same network as server via pptpd on ubuntu 10.4

I'm thinking that the LAN where the client is connecting from is using the same subnet as the LAN where the pptp server is, typically 192.168.1.0/24. If it is then that's the problem. The solution would be to use a different subnet on the client side or the server side.

Best Answer

Related Solutions

Ubuntu VPN Server (PPTPD) Configuration – Pass Traffic to Internet

Ubuntu – Can’t reach hosts in same network as server via pptpd on ubuntu 10.4

Related Topic