PPTP VPN Router Config

Posted on 2009-02-11
Medium Priority
Last Modified: 2012-05-06
Okay. This is going to sound funny.
I have installed a vpn router for a client at their remote office.  I have PPTP VPN setup and working fine.
Problem is:  Client devices do not have a gateway setup.  They do have IP address and subnet mask, but no default gateway.
They are unable to access these devices through the VPN. But, when they are in the building and wired in, they can access the devices.
I've tried to explain to them, that tney MUST set a default gateway on these devices.
But, they are relunctant.
So, my question is:  Is it possible to route these devices to my PPTP VPN without the devices having a gateway address?
Question by:david_glidewell
  • 3
  • 2

Author Comment

ID: 23619043
This is a manufacturer environment.  They have various vendors and systems (alarm control unit, boiler monitors, chiller flow control, HVAC sensors, etc, etc).

The vendors are given PPTP VPN access to the network to access their devices to manage them and help when troubleshooting issues as they arise.

They devices are setup with a IP address, but no gateway. I don't understand why the vendors have recommended not setting gateways, but they is why the client is relunctant to setting gateways.

Each Vendor has a username / password to the PPTP VPN.  The PPTP VPN assigns these users a static IP address on a non-existent network.  I have setup source route statements that allows each user/static ip to access only their partiucluar equipment.
Network 10.10.132.x / 24
PPTP VPN User (vendor 1):
Source route:
destination: gateway

I am able to ping actual computers with gateways successfully, but the devices without gateways are not responding to pings.

This is a more difficult router config, than I do on daily basis.  And, I never try to setup a situation why no default gateways are allowed. So, I'm in uncharted waters personally.

I'm looking for advice, suggestions.

This is a SnapGear VPN Router. Linux based router.
I can program it to do anything that a Cisco Router can do. I just need suggestions.

Is it possible to do this without default gateways setup on the devices.
(by the way, i've used this type of config at medical offices / medical devices. But, they allowed default gateways in their devices, so everything just worked.)

Author Comment

ID: 23619221
Also, I have the router lan ip(s):,
LVL 19

Accepted Solution

Gabriel Orozco earned 2000 total points
ID: 23624873
I am afraid your only option is to NAT The traffic.

if the internal device with no gateway sees some traffic coming from its own network, it will answer correctly.

since there is no gateway, you simply CANNOT be in a different subnet.

so if you nat the VPN subnet over a unique ip in the devices network, all traffic will be seen and answered as local.

I use to do this with pptp vpn over linux. I do not know if your SnapGear can do that (masquerade the internal network) you should try, or put a linux box to do the nat function.

Author Comment

ID: 23625869
I can source NAT the traffic.  That should work.  Of course, it's NAT, so the initiated traffic is one-way.  Traffic initiated from th VPN will NAT and return. But, traffic initiated from the other side will be dropped by the router, unless I port forward the traffic.

I could give each user a static IP on both networks, and port forward the other side, so the communication is a true two-way.

Does anyone know, if that sounds right?
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 23626636
I think if the users are in the vpn, it is because they will not be always there. with one-way nat should be enough unless you have something in mind, in such case I would fully support the two-way nat for certain users ;-)

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Integration Management Part 2
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses
Course of the Month13 days, 23 hours left to enroll

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question