Skip to main content

PPTP

More
18 years 2 months ago #16895 by Bublitz
PPTP was created by Bublitz
Is there anyway you get internet while connecting to a PPTP vpn. Ive setup PPTP on windows server and also opsnbsd, either one when you connect to the vpn you loose all other connectvity (IE you can't surf the web) is there a way around this?

The Bublitz
Systems Admin
Hospice of the Red River Valley
More
18 years 2 months ago #16896 by TheBishop
Replied by TheBishop on topic Re: PPTP
When you initiate a VPN it generally works on the lines of setting up an additional psuedo-NIC on your machine with it's own IP address, mask etc for the connection. Another thing it can do is to impose another default gateway; on the one I play with there's also a setting for "use default gateway on remote network". I suspect that's what's happening and why you're losing your other connectivity. Suggest you list your interfaces and routing table on your machine both with and without the VPN up and compare. The problem may well then become clear
More
18 years 2 months ago #16897 by Chris
Replied by Chris on topic Re: PPTP
The Bishop has nailed this one :)

I won't analyse it any further, no need. All I can do is simply add a screenshot that shows where exactly you can remove the "use default gateway on remote network" option.


Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
More
18 years 2 months ago #16921 by Bublitz
Replied by Bublitz on topic Re: PPTP
Thanks guys I will try this.

*****************************************************
Ok if I dont use the remote gateway then the internet works but then I can't ping or see anything on the remote site(Which defeats the purpose of a vpn). If its checked the vpn works but I cannot web surf.

Is there something im missing to get the best of both worlds?

Here is some info I can post more info if needed.

Remote Gateway 192.168.11.1/24
Ip Given on VPN PPTP connect 192.168.12.1/32
local gateway 10.11.25.1/24

The Bublitz
Systems Admin
Hospice of the Red River Valley
More
18 years 2 months ago #16924 by Chris
Replied by Chris on topic Re: PPTP
From the sounds of things, it seems like the remote VPDN is not set up correctly or there's some configuration problem.

When you connect to the VPDN (Windows PPTP VPN), regardless of whether you have the "Use default gateway on remote network" option checked, the remote VPN server should pass down to your client all routes associated with the remote VPN network(s), which doesn't seem to be happening.

This is the reason you are unable to contact any remote VPN network when you remove the default gateway option in your VPN dialup properties.

In addition, when connecting to the VPN, your VPN IP address (192.168.12.1) is different to that of the remote server (192.168.11.1), and this means that if no routes are set in your VPN client upon connection, you won't be able to reach the 192.168.11.0 network.

This Bublitz looks like a pure remote VPN server (or router) configuration issue.

Here's what you can try to see if the above is correct:

- Remove the default gateway check from the TCP/IP properties
- Connect to the VPN
- Try pinging 192.168.11.1 - if no firewall policy is blocking you, you should be able to receive a ping response
- Add the following routes in your computer, using the MS-Dos prompt, substituting the <remote networks> with the network(s) your trying to access:

For example, if you're trying to access the 192.168.15.x and 192.168.44.x network via VPN:
c:\> route add 192.168.15.0 mask 255.255.255.0 192.168.11.1
c:\> route add 192.168.44.0 mask 255.255.255.0 192.168.11.1

Note: that you shouldn't need to add a route to reach the 192.168.11.x network since the router is connected directly to it.

As you can see, we are simply telling your computer that it can find the above networks via 192.168.11.1 (your remote vpn server).

Please give it a try and let us know of the results!

Cheers,

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
More
18 years 2 months ago #16928 by Smurf
Replied by Smurf on topic Re: PPTP
Great advice Chris,

If that all fails, can you please do what TheBishop said in his first post and post the IPConfig and Routes with and without the VPN ?

Cheers

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Time to create page: 0.136 seconds