Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1742
  • Last Modified:

PFSense VPN Clients missing gateway

Hi,

For some reason some users of our PPTP VPN connection when they connect to the VPN they are assigned an IP but the gateway is listed as 0.0.0.0 and they are unable to ping or access the network but they are connected to the VPN. This appears to be happening for 4 out of 16 users.

On the machines that work, the gateway is the same as the IP address that is assigned to the VPN connection.

We have version 2.1-RELEASE (i386)  and it says that it's up to date.

Any suggestions as to why it would assign a blank gateway and how I can fix it, is there something on the client or PFSense end that needs to change?
0
TyreeSupport
Asked:
TyreeSupport
  • 3
  • 2
1 Solution
 
btanExec ConsultantCommented:
maybe this can be of interest from the pfsense forum. The restart help but I also the essential of redirect gateway. E.g
- If you're on the client end, no push, just redirect-gateway def1.
- You only use the push if you're on the server side trying to force a client to do that., e.g. push redirect-gateway def1.
0
 
TyreeSupportAuthor Commented:
I'm not sure any of this is relevant as I'm not using the openvpn but also I am not pushing the gateway.

As most of the clients work, it's just a couple of them that don't I'm not sure that it's PFSense.

I have not been able to resolve this and after searching I have not found others that have this issue..
0
 
btanExec ConsultantCommented:
strange though if this have not happened in  your past old version for the PFSense. Nonetheless, I was thinking if we can force the traffic into the PPTP tunnel since the VPN is 'up' e.g. pass all traffic to the LAN network via the PPTP connection. Some sort of below

Firewall -> Rules -> PPTP VPN
Add new rule
Protocol IPv4 TCP.
Source PPTP Clients
Port *
Destination *
Gateway *
Queue none
0
 
TyreeSupportAuthor Commented:
This is a new install so I have not had this issue in the past.

My connection already had a rule like what you had suggested I think, I have attached a screenshot of the PPTP VPN rules.

Not sure if there is anything I can do?
portforwards.jpg
0
 
btanExec ConsultantCommented:
Check this config compared to your shared rule - the protocol is wildcard as well
http://www.electricalchemy.org/pfsense/img/pptp_vpn_fw_rules_config.JPG

This link walk throught steps will help to review your PPTP VPN config - note the part on the client side it stated to Uncheck “use default gateway on remote network”
https://doc.pfsense.org/index.php/PPTP_VPN

Actually I am thinking to spend more effort to drill further may not be worthwhile .. see pfsense posting unless you accept the risk knowingly.

PPTP is no longer considered a secure VPN technology because it relies upon MS-CHAPv2 which has been compromised. If you continue to use PPTP be aware that intercepted traffic can be decrypted by a third party, so it should be considered unencrypted. We advise migrating to another VPN type such as OpenVPN or IPsec.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now