PPTP VPN Router Config

Posted on 2009-02-11
Last Modified: 2012-05-06
Okay. This is going to sound funny.
I have installed a vpn router for a client at their remote office.  I have PPTP VPN setup and working fine.
Problem is:  Client devices do not have a gateway setup.  They do have IP address and subnet mask, but no default gateway.
They are unable to access these devices through the VPN. But, when they are in the building and wired in, they can access the devices.
I've tried to explain to them, that tney MUST set a default gateway on these devices.
But, they are relunctant.
So, my question is:  Is it possible to route these devices to my PPTP VPN without the devices having a gateway address?
Question by:david_glidewell

    Author Comment

    This is a manufacturer environment.  They have various vendors and systems (alarm control unit, boiler monitors, chiller flow control, HVAC sensors, etc, etc).

    The vendors are given PPTP VPN access to the network to access their devices to manage them and help when troubleshooting issues as they arise.

    They devices are setup with a IP address, but no gateway. I don't understand why the vendors have recommended not setting gateways, but they is why the client is relunctant to setting gateways.

    Each Vendor has a username / password to the PPTP VPN.  The PPTP VPN assigns these users a static IP address on a non-existent network.  I have setup source route statements that allows each user/static ip to access only their partiucluar equipment.
    Network 10.10.132.x / 24
    PPTP VPN User (vendor 1):
    Source route:
    destination: gateway

    I am able to ping actual computers with gateways successfully, but the devices without gateways are not responding to pings.

    This is a more difficult router config, than I do on daily basis.  And, I never try to setup a situation why no default gateways are allowed. So, I'm in uncharted waters personally.

    I'm looking for advice, suggestions.

    This is a SnapGear VPN Router. Linux based router.
    I can program it to do anything that a Cisco Router can do. I just need suggestions.

    Is it possible to do this without default gateways setup on the devices.
    (by the way, i've used this type of config at medical offices / medical devices. But, they allowed default gateways in their devices, so everything just worked.)

    Author Comment

    Also, I have the router lan ip(s):,
    LVL 19

    Accepted Solution

    I am afraid your only option is to NAT The traffic.

    if the internal device with no gateway sees some traffic coming from its own network, it will answer correctly.

    since there is no gateway, you simply CANNOT be in a different subnet.

    so if you nat the VPN subnet over a unique ip in the devices network, all traffic will be seen and answered as local.

    I use to do this with pptp vpn over linux. I do not know if your SnapGear can do that (masquerade the internal network) you should try, or put a linux box to do the nat function.

    Author Comment

    I can source NAT the traffic.  That should work.  Of course, it's NAT, so the initiated traffic is one-way.  Traffic initiated from th VPN will NAT and return. But, traffic initiated from the other side will be dropped by the router, unless I port forward the traffic.

    I could give each user a static IP on both networks, and port forward the other side, so the communication is a true two-way.

    Does anyone know, if that sounds right?
    LVL 19

    Expert Comment

    I think if the users are in the vpn, it is because they will not be always there. with one-way nat should be enough unless you have something in mind, in such case I would fully support the two-way nat for certain users ;-)

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
    Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now