Quick links:
Product Overview
Installation
Settings and Administration
ADSL
SIP Support
Telephone ports
Network
Firewall
Wireless
VPN
Misc
Licenses
Troubleshooting
Differences
This shows you the differences between two versions of the page.
|
web_gui:pptp_pass-through [2010/11/02 11:01] tibor created |
web_gui:pptp_pass-through [2012/03/26 10:22] (current) vopatek adding note about tcp port redirection. |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== PPTP tunnel pass-throughs ====== | ====== PPTP tunnel pass-throughs ====== | ||
| - | PPTP tunnels going through Internet Gate have to be specified explicitly in the VPN Pass-through field of the [[security profile]] page. | + | PPTP tunnels going through Internet Gate have to be specified explicitly in the VPN Pass-through field of the [[security profile]] page. [[wp>PPTP]] |
| :!: The most important rule to remember is that **two local clients are never allowed to contact the same remote server!** | :!: The most important rule to remember is that **two local clients are never allowed to contact the same remote server!** | ||
| Line 19: | Line 19: | ||
| The remote server is not allowed to be behind a NAT. | The remote server is not allowed to be behind a NAT. | ||
| - | **PPTP** and **IPSec** or **IPSec NAT-T** entries don't affect each other (even though they are entered into the same pass-through-list), thus you can ignore all IPSec and IPSec NAT-T entries when considering what PPTP entry combinations you can enter. | + | **PPTP** and **[[IPSec pass-through|IPSec]]** or **[[IPSec NAT-T pass-through|IPSec NAT-T]]** entries don't affect each other (even though they are entered into the same pass-through-list), thus you can ignore all IPSec and IPSec NAT-T entries when considering what PPTP entry combinations you can enter. |
| ===== Recommendations ===== | ===== Recommendations ===== | ||
| Line 78: | Line 78: | ||
| you will get an error, as two pass-through tunnels are not allowed to go to the same remote server. | you will get an error, as two pass-through tunnels are not allowed to go to the same remote server. | ||
| + | ===== The other way around - PPTP server on the LAN ===== | ||
| + | It is possible to have one single PPTP server on the LAN to be connected by one ore more remote PPTP clients. | ||
| + | If so, first configure the PPTP pass-through as if the server on the LAN was a client: | ||
| + | |||
| + | {{:web_gui:pptp-server.jpg|}} | ||
| + | |||
| + | (In this example, the PPTP server is assumed to sit on the local IP address 192.168.0.9)\\ | ||
| + | Leave the **Remote server IP** empty. | ||
| + | |||
| + | Then add "dport == pptp and proto == tcp modify static daddr 192.168.0.9" as an **additional rule** set on the WAN interface: | ||
| + | |||
| + | {{:web_gui:pptp-servadd.jpg|}} | ||
| + | |||
| + | If your WAN interface is ADSL, choose "LINE" instead in the first column. | ||
| + | |||
| + | It is recommended to add the additional rule above instead of using the tcp port redirection fields. | ||
| + | Adding a tcp port redirection would create two firewall rules instead of one. | ||
