D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: deepone on October 30, 2009, 03:14:27 AM
-
I configured a PPTP server to connect to the local LAN from a remote site; it's almost the same configuration as in topic http://forums.dlink.com/index.php?topic=8404.0
The connection is correctly established from Windows XP/Vista, but I can't do anything inside my LAN from the remote machine.
I see this user in Status > User Authentication and in Status > Connections.
I configured IP Rules in different ways, but it still won't work.
How should I configure IP Rules (example) to allow the remote computer to gain access to the LAN?
-
First of all, nice name.
Ia! Ia! Cthulhu fhtagn ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn!
Now that that is over with.
How are you trying to access these remote resources? By DNS name, NBNS name, or IP?
What do your IP rules look like?
-
My IP Rules, tried many configurations and still nothing.
I can only connect to firewall, can't go inside LAN.
(http://img94.imageshack.us/img94/3770/iprules.th.jpg) (http://img94.imageshack.us/i/iprules.jpg/)
-
Your second and third rules look like a passthrough attempt, which should not be the case if you are using the DFL as the VPN endpoint. And even if they were, they should be NAT, not Allow.
I would disable them.
What is your Lan2Net?
What is your IP Pool?
If these are in the same network do you have Proxy ARP enabled for the LAN2 interface on the PPTP server?
When you connect what IP do you get?
When you connect can you ping the server?
When you connect can you ping a known host?
-
> I would disable them.
Disabled.
> What is your Lan2Net?
10.0.0.0/16
> What is your IP Pool?
> If these are in the same network do you have Proxy ARP enabled for the LAN2 interface on the PPTP server?
192.168.15.2-192.168.15.20
I tried with Proxy ARP enabled and disabled.
> When you connect what IP do you get?
192.168.15.2 - 192.168.15.20 same as in IPPool.
> When you connect can you ping the server?
No
> When you connect can you ping a known host?
No
-
Are you using the latest firmware version?
I'm using 2.20.03.08-8260
Sep 26 2008
I have a testing PPTP working on a DFL-210.
Here is the IP rule set I'm using for PPTP connections, allowing them to connect to the local network as well as to go to the internet through a PPPoE connection.
The first rule is to ease troubleshooting, allowing tracerouting from any net connected to the PPTP VPN.
(http://pwp.etb.net.co/sergio_acuna/pptp1.jpg)
-
Since your IP pool is in a different net from your LAN, you don't want proxy ARP on.
Can I see your routing table (view it through Status->Routes, not Routing->Tables->Main)? I am trying to look for conflicting routes, and to see how well your PPTP route is being placed.
I know this sounds like a stupid question, but are you sure the gateway is set right on your LAN2 hosts?
-
Routing table contents (max 100 entries)
Flags  Network           Interface  Gateway   Local IP  Metric
       81.x.x.x/x        wan1                           100
       192.168.120.0/24  wan2                           100
       172.17.100.0/24   dmz                            100
       192.168.1.0/24    lan1                           100
       192.168.3.0/24    lan3                           100
       10.0.0.0/16       lan2                           100
       0.0.0.0/0         wan1       81.x.x.x            100
-
Routing table contents (max 100 entries)
Flags  Network           Interface        Gateway  Local IP  Metric
D      192.168.250.101   pptp-vpn-server                     0       (pptp client ip)
D      192.168.10.0/24   pptp-vpn-server                     0       (pptp remote network)
M      192.168.201.0/24  lan                                 50
M      172.17.100.0/24   dmz                                 50
M      192.168.200.0/24  wan                                 50
M      0.0.0.0/0         etb_pppoe                           80
M      0.0.0.0/0         etb_pppoe_2                         80
-
When I connect remotely, in routing there is one more entry:
D 192.168.15.2 PPTP-tunnel 0
Software version:
2.26.00.06-12652
Sep 23 2009
I tried everything again from the support FAQ, but it's configured like in the FAQ.
I can't get inside the LAN.
I can change from lan2 to lan1, but I think it's not this problem.
-
The devices that you are trying to reach, is the DFL-210 their gateway?
Well, that routing looks right. If you take a packet capture from the PC you are trying to ping on the LAN, do you see the incoming or outgoing ICMP packets?
-
I'm trying to reach the network inside my work from my home PC.
When I connect from home, I see outgoing ICMP, but nothing is incoming.
I checked the connection status, and the only received bytes are from when I connect and authorisation is granted.
Then nothing else is incoming, only outgoing.
-
I meant on the device you are pinging over the VPN, not the device dialling the VPN.
Any interesting log entries?
-
A tracert (Windows) from the remote connecting PC to a local LAN IP, and a tracert (Windows) from the local LAN to the PPTP IP of the connecting PC, may be useful, provided you have allowed ping outbound in the IP rule set, to/from the PPTP VPN and to/from the local LAN.
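
Added example, not part of any post in this thread: a Python check of the Proxy ARP advice and the routing output posted above. It tests whether the PPTP IP pool overlaps a directly connected network and shows which route matches a pool address before and after the dynamic host route appears. The route list is transcribed from deepone's posted table; the function names are hypothetical.

```python
import ipaddress

# Routes transcribed from the Status > Routes output posted in the thread
# (the masked 81.x.x.x/x wan1 network is left out; the default route stays).
ROUTES = [
    ("192.168.120.0/24", "wan2"),
    ("172.17.100.0/24", "dmz"),
    ("192.168.1.0/24", "lan1"),
    ("192.168.3.0/24", "lan3"),
    ("10.0.0.0/16", "lan2"),
    ("0.0.0.0/0", "wan1"),
]
POOL = ("192.168.15.2", "192.168.15.20")  # IP pool as posted


def pool_networks(first, last):
    """CIDR blocks that exactly cover the first..last address range."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def overlapping_interfaces(pool, routes):
    """Interfaces whose connected network contains part of the pool.
    Only these are candidates for Proxy ARP; the default route is skipped."""
    hits = set()
    for net, iface in routes:
        network = ipaddress.ip_network(net)
        if network.prefixlen == 0:
            continue
        if any(block.overlaps(network) for block in pool_networks(*pool)):
            hits.add(iface)
    return sorted(hits)


def lookup(dest, routes):
    """Longest-prefix match: the interface a packet to dest leaves on."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(n), i) for n, i in routes
               if addr in ipaddress.ip_network(n)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    print("pool overlaps:", overlapping_interfaces(POOL, ROUTES) or "nothing")
    print("before dial-in:", lookup("192.168.15.2", ROUTES))
    dialled = ROUTES + [("192.168.15.2/32", "PPTP-tunnel")]
    print("after dial-in: ", lookup("192.168.15.2", dialled))
```

With the posted values the pool overlaps no connected network, and a pool address only leaves the default route once the dynamic /32 entry for the connected client is present.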