PPTP Network Layouts

  Print

There are three configuration modes an administrator might choose based on her network plan. This section will present the three different ways to configure the PPTP connections.
In every example below we assume that:

  • eth0 - the external interface connected to internet
  • eth2 - the internal interface
  • 192.168.1.0/24 - the internal network

 

Clients on a separate private network

In this scenario you choose to have the clients on their own separate private networkthat is not routable. In this case you will have to configure the PPTP as shown below:

  • LocalIP: 172.17.255.1
  • RemoteIP: 172.17.255.2-100
  • Bcrelay: eth2

 

These are the configuration commands to configure this correctly:

config pptp localip 172.17.255.1
config pptp remoteip 172.17.255.2-100
config pptp bcrelay eth2
config pptp enable

 

In this scenario you will most likely need to also setup a source NAT (SNAT) to allow the clients connected through PPTP to access the internet:

  • Source network: 172.17.255.0/24
  • Destination network: any
  • Destination interface: eth0
  • SNAT to Host: eth0

 

Clients on a separate public network

In this scenario you choose to have the clients on their own separate public network that is routable by this machine.

Important! The network you will be using in this case must be already assigned to you by the internet authorities and properly routed by your internet service provider.

In this case you will have to configure the PPTP as shown below:

  • LocalIP: 81.196.33.97
  • RemoteIP: 81.196.33.98-110

 

These are the configuration commands to configure this correctly:

config pptp localip 81.196.33.97
config pptp remoteip 81.196.33.98-110
config pptp enable

In this scenario you will not need to setup a SNAT, as the network is public and Syneto UTM is already routing packets to and from this network.

Clients on the same subnet as the internal clients

In this scenario you choose to have the clients be part of the internal private network that is not routable. In this case you will have to configure the PPTP as shown below:

  • RemoteIP: 192.168.1.90-100
  • ProxyARP: enabled

These are the configuration commands to configure this correctly:

config pptp localip
config pptp remoteip 192.168.1.90-100
config pptp proxyarp enable
config pptp enable

In this scenario your clients already have setup a source NAT (SNAT) rule for the internal network, so adding one will not be needed.