Solved

PFSense VPN Clients missing gateway

Posted on 2014-04-06
7
1,548 Views
Last Modified: 2014-10-21
Hi,

For some reason some users of our PPTP VPN connection when they connect to the VPN they are assigned an IP but the gateway is listed as 0.0.0.0 and they are unable to ping or access the network but they are connected to the VPN. This appears to be happening for 4 out of 16 users.

On the machines that work, the gateway is the same as the IP address that is assigned to the VPN connection.

We have version 2.1-RELEASE (i386)  and it says that it's up to date.

Any suggestions as to why it would assign a blank gateway and how I can fix it, is there something on the client or PFSense end that needs to change?
0
Comment
Question by:TyreeSupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 63

Expert Comment

by:btan
ID: 39983303
maybe this can be of interest from the pfsense forum. The restart help but I also the essential of redirect gateway. E.g
- If you're on the client end, no push, just redirect-gateway def1.
- You only use the push if you're on the server side trying to force a client to do that., e.g. push redirect-gateway def1.
0
 

Author Comment

by:TyreeSupport
ID: 40066425
I'm not sure any of this is relevant as I'm not using the openvpn but also I am not pushing the gateway.

As most of the clients work, it's just a couple of them that don't I'm not sure that it's PFSense.

I have not been able to resolve this and after searching I have not found others that have this issue..
0
 
LVL 63

Expert Comment

by:btan
ID: 40067114
strange though if this have not happened in  your past old version for the PFSense. Nonetheless, I was thinking if we can force the traffic into the PPTP tunnel since the VPN is 'up' e.g. pass all traffic to the LAN network via the PPTP connection. Some sort of below

Firewall -> Rules -> PPTP VPN
Add new rule
Protocol IPv4 TCP.
Source PPTP Clients
Port *
Destination *
Gateway *
Queue none
0
 

Author Comment

by:TyreeSupport
ID: 40073918
This is a new install so I have not had this issue in the past.

My connection already had a rule like what you had suggested I think, I have attached a screenshot of the PPTP VPN rules.

Not sure if there is anything I can do?
portforwards.jpg
0
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40075255
Check this config compared to your shared rule - the protocol is wildcard as well
http://www.electricalchemy.org/pfsense/img/pptp_vpn_fw_rules_config.JPG

This link walk throught steps will help to review your PPTP VPN config - note the part on the client side it stated to Uncheck “use default gateway on remote network”
https://doc.pfsense.org/index.php/PPTP_VPN

Actually I am thinking to spend more effort to drill further may not be worthwhile .. see pfsense posting unless you accept the risk knowingly.

PPTP is no longer considered a secure VPN technology because it relies upon MS-CHAPv2 which has been compromised. If you continue to use PPTP be aware that intercepted traffic can be decrypted by a third party, so it should be considered unencrypted. We advise migrating to another VPN type such as OpenVPN or IPsec.
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've had to do a bit of research to setup my VPN connection so that Clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: It had a solution if you use ASDM to config…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question