i have a main office running a PPTP VPN server (Microsoft Remote Access Services). Is it possible for the pfSense router at a satellite location to automatically route traffic destined for the main location over a PPTP VPN link? (obviously via NAT, since the main office server wouldn't know how to route back to internal satellite machines)
Satellite Main
192.168.x x 10.0.x.x
i can understand LAN traffic on Satellite destined for 10.0.0.11 would go to the default gateway.
At the Satellite location the default gateway is a pfSense router.
Conceivably, a static route could be created that sends traffic destined for 10.0.x.x out the vpn interface. e.g.:
Destination Netmask Gateway
=========== =========== ==========
0.0.0.0 0.0.0.0 69.64.6.21 (WAN interface)
10.0.0.0 255.255.0.0 10.0.1.221 (PPTP interface)
Traffic destined for 10.0.x.x would have to be NAT'ed, just like traffic destined for the internet, since nobody would know how to route back to the IP of a client machine on the satellite LAN.
The pfSense docs mentions that the "WAN PPTP" feature cannot be used to create a separate, routable, WAN interface:
Can I use pfSense's WAN PPTP feature to connect to a remote PPTP VPN?
The pfSense WAN PPTP feature is for ISPs that require you to connect using PPTP. This feature cannot be used as a PPTP client to connect to a remote PPTP server to allow pfSense to route over the PPTP connection.
That doesn't mean that pfSense cannot do it - it just means that you can't use the WAN PPTP feature to do it. And concept is sound and possible, the question is: can pfSense actually do it.
Edit: Changing my not speak good
No comments:
Post a Comment