Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

PFSense VPN Clients missing gateway

Posted on 2014-04-06
7
Medium Priority
?
1,679 Views
Last Modified: 2014-10-21
Hi,

For some reason some users of our PPTP VPN connection when they connect to the VPN they are assigned an IP but the gateway is listed as 0.0.0.0 and they are unable to ping or access the network but they are connected to the VPN. This appears to be happening for 4 out of 16 users.

On the machines that work, the gateway is the same as the IP address that is assigned to the VPN connection.

We have version 2.1-RELEASE (i386)  and it says that it's up to date.

Any suggestions as to why it would assign a blank gateway and how I can fix it, is there something on the client or PFSense end that needs to change?
0
Comment
Question by:TyreeSupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 64

Expert Comment

by:btan
ID: 39983303
maybe this can be of interest from the pfsense forum. The restart help but I also the essential of redirect gateway. E.g
- If you're on the client end, no push, just redirect-gateway def1.
- You only use the push if you're on the server side trying to force a client to do that., e.g. push redirect-gateway def1.
0
 

Author Comment

by:TyreeSupport
ID: 40066425
I'm not sure any of this is relevant as I'm not using the openvpn but also I am not pushing the gateway.

As most of the clients work, it's just a couple of them that don't I'm not sure that it's PFSense.

I have not been able to resolve this and after searching I have not found others that have this issue..
0
 
LVL 64

Expert Comment

by:btan
ID: 40067114
strange though if this have not happened in  your past old version for the PFSense. Nonetheless, I was thinking if we can force the traffic into the PPTP tunnel since the VPN is 'up' e.g. pass all traffic to the LAN network via the PPTP connection. Some sort of below

Firewall -> Rules -> PPTP VPN
Add new rule
Protocol IPv4 TCP.
Source PPTP Clients
Port *
Destination *
Gateway *
Queue none
0
 

Author Comment

by:TyreeSupport
ID: 40073918
This is a new install so I have not had this issue in the past.

My connection already had a rule like what you had suggested I think, I have attached a screenshot of the PPTP VPN rules.

Not sure if there is anything I can do?
portforwards.jpg
0
 
LVL 64

Accepted Solution

by:
btan earned 2000 total points
ID: 40075255
Check this config compared to your shared rule - the protocol is wildcard as well
http://www.electricalchemy.org/pfsense/img/pptp_vpn_fw_rules_config.JPG

This link walk throught steps will help to review your PPTP VPN config - note the part on the client side it stated to Uncheck “use default gateway on remote network”
https://doc.pfsense.org/index.php/PPTP_VPN

Actually I am thinking to spend more effort to drill further may not be worthwhile .. see pfsense posting unless you accept the risk knowingly.

PPTP is no longer considered a secure VPN technology because it relies upon MS-CHAPv2 which has been compromised. If you continue to use PPTP be aware that intercepted traffic can be decrypted by a third party, so it should be considered unencrypted. We advise migrating to another VPN type such as OpenVPN or IPsec.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question