• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1991
  • Last Modified:

PPTP VPN to Watchguard using PPPoE

Help, does anyone know how I can configure a Watchguard X1000 to allow users to connect to the VPN using PPTP where the external IP address is provided using PPPoE?

I have no way to change the external IP to a static address as the ISP in this case (Etisalat in Dubai) do not provide static IP addresses on DSL lines!

I have the X1000 set up with VPN tunnels between the UK branches and the Dubai branch using a dynamic DNS name which the Dubai server updates when the IP address changes and these work OK (most of the time). However if I try to get a mobile user connected the X1000 bloks theincoming packet automatically even though I have incoming VPNport traffic set to allowed. I also cannot access the Remote User setup options to check the settings.

I compared a config file from our X1000 to the one for Dubai and managed to amend the file to give the appropriate IP address options, etc. and also changed "networking.remote_vpn.pptp.active" from "no" to "yes".

However if I try to save this configuration file back to the X1000 in Dubai it returns an error message saying "PPTP clients are not supported when networking.dynamicip is true".

As mentioned, a static IP address is not an option, but can anyone give me any pointers at all. I am getting my backside kicked about this...

Thanks, Eddie
0
EddieWr
Asked:
EddieWr
  • 3
  • 2
1 Solution
 
dpk_walCommented:
Which version of WG software are you running if you are running version 10.x then with PPPoE and dynaic IP you can enable dynamic DNS on external interface and then configure remote user VPN regularly.

I would like to point out here that, currently firebox only supports DynDNS and NO other dynamic DNS providers.

Other option is bit tricky, as GUI would disable remote user option itself when on dynamic IP then we can put up a cheap device [eg, D-link router (or any other brand as you wish)] in between DSL modem and FB. Now configure FB with static IP which would be on NATted subnet behind the router. Also, configure router to forward all ports to the FB IP [something like DMZ].

With this configuration you would get remote user VPN to work, here the success rate may not be 100% due to NAT implementation by different devices/vendors and ISP restrictions.

Thank you.
0
 
EddieWrAuthor Commented:
Hi dpk_wal,

Thanks for the information, we are running on version 7.4.1.

I guess the simple answer is that we cannot do it unless we put a router betweenthe ISP connection and the Watchguard?

Regards, Eddie
0
 
dpk_walCommented:
Yes, that is correct.
0
 
EddieWrAuthor Commented:
Thanks Dpk_wal,

I am out in Dubai next week hopefully so will try that solution. We may even put the smaller firewall back in as this was newer but taken out due to a faulty ISP connection.

Ta, Eddie
0
 
EddieWrAuthor Commented:
Hi Dpk_wal,\\Just to let you know that I am in Dubai to do an office move and Etisalat decided to provide an ADSL Router instead of an ADSL modem so I was able to implement your suggestion and it appears to be working just fine.

Many thanks for your assitance, Eddie
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now