PPTP on Balance 20 - can't access LAN nor Internet

Hi Bernard,

I think the problem may be because both sides are in the exact same subnet. Could you try changing one of them to 192.168.2.x for example?


Hi Tim,

You may be right - I did some googling around and found this could indeed be a possible problem - even though I checked the netstat data and saw that the peplink (then named “balance-wan”) is the default route… Since I configured the client to route all traffic through the VPN, I would expect it to work. In fact, I can’t be changing my home LAN subnet every time I need to access it from a location where the ‘local LAN’ and my ‘home LAN’ have the same subnet. If today I change my subnet to 192.168.2.x and tomorrow I want to connect from a location that uses the same, I can’t be changing it all to something else again… I have all my equipment with static IPs (and there are 25 reserved IPs) so I simply don’t want to change it around… And I can’t test it thoroughly since I’m about 2.000 km away from home at the moment without the option of changing the local subnet :(

I will be looking a bit more into this - it should be possible to create a static route on my Mac that forces all traffic to my home LAN over the VPN - there simply must be a way to do this.

Thanks,
Bernard

ps. luckily I have an SSH server running on my Win2K8 which works and which has RDP and SFTP so I’m not completely cut off. And since I use certificates for authentication, it’s probably even more secure than PPTP…

I have exactly the same problem. Was this issue fixed, if so how?

Some further information.
My remote machine’s network (192.168.1.0/24) is different to the Peplink LAN address (192.168.111.0/24).
When I connect to the VPN my remote machine is assigned an IP address in the 192.168.111.0 subnet (192.168.111.72 in the example below).
I can then connect to the Peplink Balance 30 admin page on 192.168.111.1 but I cannot communicate with any other hosts on my LAN.

This is an extract of my ‘netstat -rn’ on my remote machine.

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.1        UGSc           30        0     en1
default            192.168.111.1      UGScI           2        0    ppp0
---
192.168.111        ppp0               USc             2        0    ppp0
192.168.111.1      192.168.111.72     UHr             5        8    ppp0

Any thoughts appreciated.
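
The route selection behind both reports above (identical local and home subnets, and the `netstat -rn` extract), as an added example that is not part of the original thread: it parses macOS-style routing output, does a longest-prefix match, and lists local routes that would keep remote-LAN traffic out of the tunnel. The `192.168.1` line on `en1` and the interface name `ppp0` as the VPN default are assumptions; the sample table is constructed.

```python
import ipaddress

# Constructed sample in the shape of the macOS `netstat -rn` extract above; the
# 192.168.1 line (the client's own LAN on en1) is an assumption, not from the post.
SAMPLE = """\
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.1        UGSc           30        0     en1
default            192.168.111.1      UGScI           2        0    ppp0
192.168.1          link#5             UCS             3        0     en1
192.168.111        ppp0               USc             2        0    ppp0
192.168.111.1      192.168.111.72     UHr             5        8    ppp0
"""

def parse_dest(dest):
    """Expand BSD shorthand: 'default' -> 0.0.0.0/0, '192.168.111' -> /24, a.b.c.d -> /32."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    plen = int(plen) if plen else 8 * len(octets)
    return ipaddress.ip_network(".".join(octets + ["0"] * (4 - len(octets))) + f"/{plen}", strict=False)

def parse_routes(text):
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6:
            continue                      # section labels, separators, blank lines
        try:
            routes.append({"net": parse_dest(f[0]), "flags": f[2], "netif": f[5]})
        except ValueError:
            continue                      # column header or non-IPv4 destination
    return routes

def select_route(routes, dst):
    """Longest-prefix match for an unbound socket; interface-scoped routes (flag I) are skipped."""
    ip = ipaddress.ip_address(dst)
    usable = [r for r in routes if "I" not in r["flags"] and ip in r["net"]]
    return max(usable, key=lambda r: r["net"].prefixlen, default=None)

def shadowing_routes(routes, remote_lan, vpn_if="ppp0"):
    """Non-VPN, non-default routes overlapping the remote LAN: they win over a VPN default route."""
    lan = ipaddress.ip_network(remote_lan)
    return [r for r in routes
            if r["netif"] != vpn_if and r["net"].prefixlen > 0 and r["net"].overlaps(lan)]

if __name__ == "__main__":
    routes = parse_routes(SAMPLE)
    for dst in ("192.168.111.50", "192.168.1.20", "8.8.8.8"):
        r = select_route(routes, dst)
        print(dst, "->", r["netif"], r["net"])
    print("shadowed:", [str(r["net"]) for r in shadowing_routes(routes, "192.168.1.0/24")])
```

With this table, 192.168.111.x destinations resolve to `ppp0`, while a remote LAN of 192.168.1.0/24 is shadowed by the client's own connected route on `en1`.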

Hi Heathy65,
To be honest, I don’t know - I changed my home subnet to 172.16.10.x but haven’t tested in the meantime - I’ll have to try sometime soon… When I do, I’ll let you know if that worked!
Cheers,
B.

HOW WAS THIS PROBLEM SOLVED???

CAN ANY PEPLINK ADMIN PLEASE ADVISE. THANKS

Hi,
I created a single rule in the Firewall configuration (Inbound Firewall Configuration) with the following settings:

Rule Name: PPTP
Enable: Yes
WAN Connection: Any
Protocol: Any
Source IP & Port: IP=192.168.1.0 Mask=255.255.255.0
Destination IP & Port: IP=192.168.1.0 Mask=255.255.255.0
Action: Allow
Event Logging: Enable

You will need to change the source & destination addressing from 192.168.1.0 (and the mask) to match your LAN addressing.

This enabled me to VPN in and access endpoints/equipment on my LAN (previously I could only access the actual Balance 30 via the VPN).

This configuration still seems a bit weird TBH, i.e. having a rule with the same source & destination but it works…

Cheers Ian

Thanks for your info, Ian.

Ummm, I would expect Balance to allow PPTP users to access LAN resources without this firewall rule. Which firmware is your Balance running? We will try to reproduce this in our lab and fix this from there.


Hi Kurt,

Yeah, seems very strange to me too.

I’m currently on 5.4.6 build 1585

Cheers Ian

Thanks Ian. Let us take a good look at this.


I’ve upgraded to 5.4.7 now so will see if I have the same problem on that version too.

Hi Heathy,

Were you able to connect without the firewall rule?

Thx,
Bernard

Hi all,

This configuration is correct and I will try to explain it below:

  1. It is an inbound firewall rule since the PPTP client is coming from the outside.

  2. You are getting authenticated to the local network via PPTP so that is the source network.

  3. The destination of 192.168.1.0 will restrict you to keeping on the local network.

  4. By default, the Microsoft PPTP client will use the remote destination gateway. With this setting you can control whether or not the client can also get out to the internet from the Balance. To allow for split tunneling, simply change the destination network to “Any”.

Best regards,

Ron


I also wasn’t able to access internal LAN resources after connecting to the PPTP server. Creating the inbound FW rule solved it! Thanks for the tip.

Just to add, in Windows 10, the “Use default gateway on remote network” option is not accessible via the VPN network properties GUI (actually, the whole GUI doesn’t come up at all, believe it’s a known bug).

To force all traffic thru the VPN connection, run in PowerShell: Set-VpnConnection "vpnname" -SplitTunneling $False

To verify all traffic is inside the tunnel, just tracert google.com and the first hop should be your surf soho IP.

Is this problem resolved? I have a Balance One and I am able to connect via PPTP but cannot access local resources. I tried keeping access rules as well but it didn’t work for me.

Model: Peplink Balance One Core
Firmware: 6.2.2 build 2037

Yes, on my Surf SOHO got it working by adding an INBOUND FW rule. The rule allows source of your internal LAN subnet to ANY Destination. Example: 192.168.x.x to Any Destination.

Not sure if recent firmware updates have changed this though.

Model: Pepwave Surf SOHO
Firmware: 6.2.0 build 1644

Hi,

Please enable InterVlan routing. Our tech support has provided feedback on this via the ticket. Please check and follow up there.

Thank you.


Hi,

I am experiencing exactly the same problem. I have added the rules as described in previous threads in this post and I have enabled InterVlan routing but neither of these resolve the issue.

Thanks

Hi,

Please open a support ticket here for the team to further investigate.

Please make sure you include the following info in the support ticket for the team to further diagnose the reported issue:

  1. Enable remote assistant for the device:
    Peplink | Pepwave - Forum

  2. PPTP test account
    username
    password

Thank You


I am having this same issue. Using the rule it worked for a minute, then when I disconnected and reconnected it no longer works. The only thing I get is the Peplink config page. Inter-VLAN routing is enabled. It’s the same problem as others were having, with both local and remote networks using the 192.168.0.x subnet. The support ticket link in the above reply is invalid.