PPTP Client Feature

Security Gateway Discussions
Post Reply
tstsistemi
Posts: 12
Joined: 13 Jan 2010, 22:36
Location: Parma, Italy
Contact:

PPTP Client Feature

Post by tstsistemi » 10 Jan 2012, 23:30

Hi Guys,
i need to use my clavister like a PPTP client in order to connect some client behind Clavister to network behind PPTP server.
I've read configuration's manual and it reports an example very similar to my purpose. I've tried this configuration, but i can only ping remote network from PPTP cliente (clavister), but not from any client behind it. Can anyone help me?

Manual says:
One usage of the PPTP client feature is shown in the scenario depicted below.
Here a number of clients are being NATed through CorePlus before being connected to a PPTP
server on the other side of the Clavister Security Gateway. If more that one of the clients is acting
Chapter 9: VPN
527
as a PPTP client which is trying to connect to the PPTP server then this will not work because of
the NATing.
The only way of achieving multiple PPTP clients being NATed like this, is for the Clavister Security
Gateway to act as a PPTP client when it connects to the PPTP server. To summarize the setup:
• A PPTP tunnel is defined between CorePlus and the server.
• A route is added to the routing table in CorePlus which specifies that traffic for the server
should be routed through the PPTP tunnel.
Attachments
PPTP.JPG
PPTP.JPG (20.83 KiB) Viewed 8192 times

danilovav
Posts: 181
Joined: 10 May 2009, 08:16
Location: Moscow, Russia
Contact:

Re: PPTP Client Feature

Post by danilovav » 11 Jan 2012, 02:22

Show your network schema as picture
Does your PPTP server NATed?
BR, Alexandr Danilov

tstsistemi
Posts: 12
Joined: 13 Jan 2010, 22:36
Location: Parma, Italy
Contact:

Re: PPTP Client Feature

Post by tstsistemi » 11 Jan 2012, 05:53

yes, i've made this configuration:

Nat Lan Lannet PPTPInt PPTPInt_subnet.

if itry to ping with a client the PPTP server (is another Clavister and i cannot use IPSEC) reports in log "only_routes_set_up_by_server_iface_allowed"
Thanks

danilovav
Posts: 181
Joined: 10 May 2009, 08:16
Location: Moscow, Russia
Contact:

Re: PPTP Client Feature

Post by danilovav » 13 Jan 2012, 02:46

"NATed" means locaned behind NAT
Show your network schema as picture
BR, Alexandr Danilov

tstsistemi
Posts: 12
Joined: 13 Jan 2010, 22:36
Location: Parma, Italy
Contact:

Re: PPTP Client Feature

Post by tstsistemi » 16 Jan 2012, 17:43

Ok i've a tipical IPSEC VPN situation:

lan_place_A (192.168.15.0/24)- SG12 (VPN Client 192.168.15.254) ---------------- (INTERNET) --------------- SG12 (VPN Server 192.168.16.254) - lan_place_B (192.168.16.0/24)

In this situation with my configuration only SG12 (192.168.15.254) reach all place_B_subnet, and i cannot reach it from any host behind place_A

Thanks

danilovav
Posts: 181
Joined: 10 May 2009, 08:16
Location: Moscow, Russia
Contact:

Re: PPTP Client Feature

Post by danilovav » 20 Jan 2012, 00:55

Do you use IPsec? Or PPTP???

Regarding IPsec - Status > IPsec - can you see SA for your tunnel?
Start ping -t to remote network and check Status > Connections - can you see outbound to remote device? Inbound on remote device?
BR, Alexandr Danilov

tstsistemi
Posts: 12
Joined: 13 Jan 2010, 22:36
Location: Parma, Italy
Contact:

Re: PPTP Client Feature

Post by tstsistemi » 26 Jan 2012, 23:08

No, i don't use IPSEC, ican't. I must use PPTP.
Tunnel is ok, but my laptop placed in lan A cannot ping any host placed in lan B. Clavister (LAN's "A" gateway) pings any LAN's "B" hosts.
I don't know how to route my packets through my gateway

danilovav
Posts: 181
Joined: 10 May 2009, 08:16
Location: Moscow, Russia
Contact:

Re: PPTP Client Feature

Post by danilovav » 27 Jan 2012, 01:16

On place A (client), your PPTP client should have route to 192.168.16.0/24 network

On place B (server), your PPTP user should have "network behind" 192.168.15.0/24
BR, Alexandr Danilov

techmania
Posts: 1
Joined: 15 Sep 2018, 22:01

Re: PPTP Client Feature

Post by techmania » 15 Sep 2018, 22:08

It give more function and configurational ping which is easily monitor and it is simple execute fast. we can work at local and remote servcer via LAN

Post Reply