PPTP VPN Router Config

Okay. This is going to sound funny.
I have installed a vpn router for a client at their remote office.  I have PPTP VPN setup and working fine.
Problem is:  Client devices do not have a gateway setup.  They do have IP address and subnet mask, but no default gateway.
They are unable to access these devices through the VPN. But, when they are in the building and wired in, they can access the devices.
I've tried to explain to them, that tney MUST set a default gateway on these devices.
But, they are relunctant.
So, my question is:  Is it possible to route these devices to my PPTP VPN without the devices having a gateway address?
david_glidewellAsked:
Who is Participating?
 
Gabriel OrozcoConnect With a Mentor Solution ArchitectCommented:
I am afraid your only option is to NAT The traffic.

if the internal device with no gateway sees some traffic coming from its own network, it will answer correctly.

since there is no gateway, you simply CANNOT be in a different subnet.

so if you nat the VPN subnet over a unique ip in the devices network, all traffic will be seen and answered as local.

I use to do this with pptp vpn over linux. I do not know if your SnapGear can do that (masquerade the internal network) you should try, or put a linux box to do the nat function.
0
 
david_glidewellAuthor Commented:
This is a manufacturer environment.  They have various vendors and systems (alarm control unit, boiler monitors, chiller flow control, HVAC sensors, etc, etc).

The vendors are given PPTP VPN access to the network to access their devices to manage them and help when troubleshooting issues as they arise.

They devices are setup with a IP address, but no gateway. I don't understand why the vendors have recommended not setting gateways, but they is why the client is relunctant to setting gateways.

Each Vendor has a username / password to the PPTP VPN.  The PPTP VPN assigns these users a static IP address on a non-existent network.  I have setup source route statements that allows each user/static ip to access only their partiucluar equipment.
example:
Network 10.10.132.x / 24
PPTP VPN User (vendor 1):  10.1.1.5
Source route:
source 10.1.1.5/255.255.255.255
destination: 10.10.132.20/255.255.255.255 gateway 10.10.132.1

I am able to ping actual computers with gateways successfully, but the devices without gateways are not responding to pings.

This is a more difficult router config, than I do on daily basis.  And, I never try to setup a situation why no default gateways are allowed. So, I'm in uncharted waters personally.

I'm looking for advice, suggestions.

This is a SnapGear VPN Router. Linux based router.
I can program it to do anything that a Cisco Router can do. I just need suggestions.

Is it possible to do this without default gateways setup on the devices.
(by the way, i've used this type of config at medical offices / medical devices. But, they allowed default gateways in their devices, so everything just worked.)
0
 
david_glidewellAuthor Commented:
Also, I have the router lan ip(s):  10.10.132.1, 10.1.1.1
0
 
david_glidewellAuthor Commented:
I can source NAT the traffic.  That should work.  Of course, it's NAT, so the initiated traffic is one-way.  Traffic initiated from th VPN will NAT and return. But, traffic initiated from the other side will be dropped by the router, unless I port forward the traffic.

I could give each user a static IP on both networks, and port forward the other side, so the communication is a true two-way.

Does anyone know, if that sounds right?
0
 
Gabriel OrozcoSolution ArchitectCommented:
I think if the users are in the vpn, it is because they will not be always there. with one-way nat should be enough unless you have something in mind, in such case I would fully support the two-way nat for certain users ;-)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.