PPTP VPN Server - Access a host behind the firewall


#1

Hi All,

I’m offsite on a 192.168.1.x LAN. I’m connecting to my Balance 380 office via my Mac PPTP client. The office’s network is also 192.168.1.x. When I connect to the office’s VPN, I get:

ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1444
inet 192.168.1.18 --> 192.168.1.1 netmask 0xffffff00

When connected to the PPTP VPN, I can get to the Peplink browser based admin at http://192.168.1.1.

I have a host behind the Peplink that I’m trying to reach (192.168.1.10). I’m not sure what configuration I have to do on the Peplink vs. what I might need to do on my Mac to make this happen.

Please help,

Thanks!


#2

Ideally these two networks would be on unique subnets and then the Mac would know how to route to the 1.10 address, otherwise I’m sure it is just trying to route it on the local LAN you are connected to.

In your Mac PPTP client settings, there is an option to send all traffic through the VPN and this should do the trick.


#3

Hi Tim,

Unfortunately, I’m on a Wi-Fi network currently that I don’t control.

I do have the “send all traffic” set. I can confirm that when I visit whatsmyip.org, it shows the office’s public IP.

I tried to force a route and here’s the output from ping:

bash-3.2# route add -host 192.168.1.10 -interface 192.168.1.18
add host 192.168.1.10: gateway 192.168.1.18
bash-3.2# ping 192.168.1.10
PING 192.168.1.10 (192.168.1.10): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
92 bytes from balance380 (192.168.1.1): Destination Host Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 ff40 0 0000 3f 01 f8fb 192.168.1.18 192.168.1.10

92 bytes from balance380 (192.168.1.1): Destination Host Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 d597 0 0000 3f 01 22a5 192.168.1.18 192.168.1.10

92 bytes from balance380 (192.168.1.1): Destination Host Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 14bd 0 0000 3f 01 e37f 192.168.1.18 192.168.1.10

Thanks for your help.


#4

What about firewall rules on the Balance 380?


#5

Hi Tim,

Outbound rules are all allowed.

For inbound:

PPTP
Protocol: Any
WAN: Any
Source IP Port: 192.168.1.0/24
Destination IP Port: Any
Policy: Allow

Default:
Protocol: Any
WAN: Any
Source IP Port: Any
Destination IP Port: Any
Policy: Deny

Thanks!


#6

The 1.10 IP address is probably already defined on the local network and the default gateway must not be 1.1 or else you would not be able to reach the Balance web admin. I don’t think this is going to work if both networks are the same…
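
Added example, not part of the thread: a small model of the client's longest-prefix route selection when the local LAN and the office LAN are both 192.168.1.0/24, showing where traffic for 192.168.1.10 goes before and after a host route like the one in post #3. The routing table is constructed for illustration; the interface name `en0`, the PPP peer host route, and the function names are assumptions.

```python
import ipaddress

def overlaps(local_cidr, remote_cidr):
    """True when the client's LAN and the office LAN share address space."""
    return ipaddress.ip_network(local_cidr).overlaps(
        ipaddress.ip_network(remote_cidr))

def select_route(routes, dest):
    """Longest-prefix match: return (prefix, interface) chosen for dest."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(prefix), ifc)
               for prefix, ifc in routes
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    net, ifc = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), ifc

# Constructed client routing table with the VPN up (en0 is an assumed name).
# "Send all traffic" replaces the default route; the connected /24 remains.
ROUTES_VPN_UP = [
    ("0.0.0.0/0", "ppp0"),       # default route through the tunnel
    ("192.168.1.0/24", "en0"),   # directly connected Wi-Fi LAN
    ("192.168.1.1/32", "ppp0"),  # assumed host route to the PPP peer
]

# Same table plus a host route for the office server, as tried in post #3.
ROUTES_WITH_HOST_ROUTE = ROUTES_VPN_UP + [("192.168.1.10/32", "ppp0")]

def report(dest="192.168.1.10"):
    """Summarise the routing decision for dest in both tables."""
    return {
        "overlap": overlaps("192.168.1.0/24", "192.168.1.0/24"),
        "vpn_up": select_route(ROUTES_VPN_UP, dest),
        "with_host_route": select_route(ROUTES_WITH_HOST_ROUTE, dest),
        "peer": select_route(ROUTES_VPN_UP, "192.168.1.1"),
        "internet": select_route(ROUTES_VPN_UP, "203.0.113.7"),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:16} {value}")
```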