PPTP mysteries


#1

I’ve enabled the PPTP server on my Balance 20 running firmware 6.1.2 and I’ve connected a client (hereinafter “the remote host”).

I see that the remote host, which of course lives outside my LAN, acquires an IP address from my DHCP server and from within my LAN I can ping (and connect to) the remote host. This is good. This is why I wanted to set this up.

However, the remote host CANNOT ping (or connect to) a host on my LAN. This is actually a good thing. I like this. I probably would have chosen to configure things this way. But it’s not what I EXPECTED. I would have thought one of the main reasons for many people to enable PPTP would be to enable the remote host to “see” hosts on the LAN.

I would like to understand why the remote host cannot “see” hosts on my LAN because I want to make sure I understand any security issues involved. If there’s a switch I can throw to enable the remote host to “see” hosts on the LAN, I want to know where that switch is and I want to toggle it and observe the difference in behavior so I’m convinced everything is set up correctly.

Any ideas?


#2

Hello,

It could be various reasons without seeing your entire configuration.

If you are using the FW on your Balance 20, you will need to create an Allow rule for your local network:
Source: Any
Destination: "Network"
Protocol: Any
Action: Allow

Assuming that you are using ping to check connectivity between units, ensure that no Windows FW would be blocking it from the remote host.

Remote host PPTP settings:

Go into PPTP IPv4 Settings>Advanced: Check mark “Use remote gateway for default gateway”.


#3

Is your DHCP scope the same on both sides? I have run into issues when both scopes were the same on both ends.


#4

Those hints actually helped, though my thought processes were non-linear and probably not worth detailing. :) Thanks!

I had three interfaces active on the remote host, PPTP, PPPoE, and regular Ethernet. The problem went away when I disabled the third interface, regular Ethernet. I had assumed, I guess, that regular Ethernet would be a necessary supporting layer for PPPoE, but I was apparently wrong about that. PPPoE works fine with regular Ethernet disabled. The Ethernet interface, having been configured for DHCP, quietly timed out after no DHCP server replied and assigned itself an IP address. My hypothesis is that my attempts to make the remote host contact hosts within my LAN were actually being directed to the remote host’s local Ethernet interface — in other words the remote host’s own LAN — where they were ignored by the zero other hosts available there. I question, though, why configuring the PPTP interface, which is the first interface listed, for “Send all traffic over VPN connection” didn’t ignore all other interfaces as I would have guessed.

I think what this means is that the PPTP server was making my LAN hosts available to PPTP clients all along and the particular client I was using was misconfigured.
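
Added example, not part of any post in this thread: a small model of how a client chooses an outgoing interface (longest-prefix match, lower metric breaks ties), useful for checking the two conditions raised above, namely the same address range on both ends and a non-VPN interface capturing traffic meant for the tunnel. The routing table, interface names, addresses and metrics are constructed for illustration and are not taken from the poster's setup.

```python
import ipaddress

# Constructed client routing table: (destination prefix, interface, metric).
# All values are assumptions for illustration only.
ROUTES = [
    ("0.0.0.0/0",      "ppp0",   10),  # VPN default route ("send all traffic over VPN")
    ("0.0.0.0/0",      "pppoe0", 20),  # ISP uplink default route
    ("192.168.1.0/24", "en0",     0),  # on-link route of a stray Ethernet interface
]


def pick_route(dest, routes):
    """Return (prefix, interface) chosen for dest, or None if nothing matches.

    The most specific prefix wins; among equal prefixes the lower metric wins.
    """
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr not in net:
            continue
        key = (net.prefixlen, -metric)
        if best is None or key > best[0]:
            best = (key, prefix, iface)
    return None if best is None else (best[1], best[2])


def shadowing_routes(remote_lan, routes, vpn_iface):
    """List non-default routes on non-VPN interfaces that overlap the remote LAN.

    Any such route is more specific than the VPN default route, so traffic
    for the remote LAN leaves on that interface instead of the tunnel.
    """
    lan = ipaddress.ip_network(remote_lan)
    found = []
    for prefix, iface, _metric in routes:
        net = ipaddress.ip_network(prefix)
        if iface != vpn_iface and net.prefixlen > 0 and net.overlaps(lan):
            found.append((prefix, iface))
    return found


if __name__ == "__main__":
    print(pick_route("192.168.1.50", ROUTES))       # remote LAN host
    print(shadowing_routes("192.168.1.0/24", ROUTES, "ppp0"))
    print(pick_route("192.168.1.50", ROUTES[:2]))   # stray interface disabled
```

In this model a VPN default route never overrides a more specific on-link route, so overlapping ranges have to be found by inspecting the client's routing table rather than inferred from the VPN setting.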