Pptpvpn

From Wiki of WFilter NG Firewall
(Difference between revisions)
(PPTP / L2TP Settings)
 
(13 intermediate revisions by one user not shown)
Line 1: Line 1:
{{DISPLAYTITLE:PPTP Server}}
+
{{DISPLAYTITLE:PPTP / L2TP Server}}
== PPTP Server ==
+
== PPTP / L2TP Server ==
  
PPTP server can provide PPTP VPN service for external users to connect.
+
PPTP / L2TP server can provide PPTP / L2TP VPN service for external users to connect.
 
* You can check VPN clients ip addresses and usernames in "Real-time Bandwidth".
 
* You can check VPN clients ip addresses and usernames in "Real-time Bandwidth".
 
* VPN users are not be applied by [[Access_Policy]].
 
* VPN users are not be applied by [[Access_Policy]].
 
* Activity of VPN users won't be recorded by [[wfquery|Internet Usage]].
 
* Activity of VPN users won't be recorded by [[wfquery|Internet Usage]].
  
== PPTP Settings ==
+
== PPTP / L2TP Settings ==
Description of PPTP settings:
+
Description of PPTP / L2TP server settings:
 +
* Service: whether to enable the vpn service.
 +
* MPPE: when enabled, the VPN server will require 128bit MPPE stateless encryption.
 
* IP Range: the ip addresses to be assigned to VPN clients. (Must be a LAN subnet)
 
* IP Range: the ip addresses to be assigned to VPN clients. (Must be a LAN subnet)
* Auth Type
 
** "Local Auth": authenticate with username and password of local accounts. This user shall enable "Web" access in [[Account|Local_Account]].
 
** "Remote Auth": send credentials to a remote radius server for authentication. For example, [[Enable_AD_Radius|Configure RADIUS Server Authentication for Active Directory]]
 
** When both are enabled, we will do "local auth" first. If this user is not found in "local account", then check the remote radius sever.
 
 
* Protocols: supported auth protocols, which shall be consistence with VPN client settings.
 
* Protocols: supported auth protocols, which shall be consistence with VPN client settings.
 +
* Authtype:
 +
** "Local Auth": authenticate with username and password of local accounts. Only "local users" with "VPN" priviledge have VPN access.
 +
** "Email Auth": send credentials to a pop/imap email server for authentication.
 +
** "Ldap Auth": send credentials to a ldap server for authentication.
 +
** "Radius Auth": send credentials to a remote radius server for authentication.
 +
** For "LDAP Auth" and "Email Auth", only "pap" protocol is supported.
 +
* VPN type: choose L2TP or PPTP vpn type.
  
[[File:faq_pptp001.png|650px]]
+
[[File:faq_pptp001.png|900px]]
 +
 
 +
* If you want to assign static ip and limit bandwidth to PPP clients, you need to setup "PPPoE Property" in "Accounts" settings.
 +
 
 +
[[File:faq_pptp002.png|600px]]
 +
 
 +
== Online Users ==
 +
 
 +
[[File:faq_pptp004.png|900px]]
 +
 
 +
You can click "online users" to check the live VPN clients, including IP address, RX & tx bandwidth... Move your mouse over the "kill" icon to terminate a session.
 +
 
 +
== Multiple Subnets ==
 +
PPTP / L2TP clients can only belongs to one subnet. If your network has multiple subnets, you need to add route in client pc to access other subnets. For example, the server side has two subnets 192.168.10.x and 192.168.11.x. PPTP works in 192.168.10.x. To access another subnet, you need to execute below command in client:
 +
 
 +
<code>
 +
route add 192.168.11.0 mask 255.255.255.0 192.168.10.1
 +
</code>
 +
 
 +
== Firewall Rules ==
 +
 
 +
When pptp / l2tp is enabled, a firewall ACL rule will be added automatically. PPTP is on tcp port 1723, L2tp is on udp port 1701.
  
 
== FAQ ==
 
== FAQ ==
 +
 +
[[Category:VPN]]
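
Review bot: The added Authtype item 'For "LDAP Auth" and "Email Auth", only "pap" protocol is supported' conflicts with the added MPPE item, and the text should say so. MPPE session keys are derived from an MS-CHAP exchange, so a PAP login cannot satisfy a server that requires 128bit MPPE, and with PAP the password crosses the PPP link in clear text. Suggest stating next to the MPPE item that it cannot be combined with LDAP or Email auth, and which auth type to choose when encryption is required. The removed text said which backend is tried first when both are enabled; the new Authtype list drops that without a replacement. In the Firewall Rules paragraph, say whether the automatic ACL rule also permits GRE (IP protocol 47), which PPTP needs in addition to tcp port 1723. Spelling in the added and kept lines: "priviledge", "consistence", "can only belongs".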

Latest revision as of 11:21, 11 September 2024

1 PPTP / L2TP Server

The PPTP / L2TP server provides PPTP / L2TP VPN service for external users to connect.

  • You can check the IP addresses and usernames of VPN clients in "Real-time Bandwidth".
  • Access_Policy is not applied to VPN users.
  • Activity of VPN users is not recorded by Internet Usage.

2 PPTP / L2TP Settings

Description of the PPTP / L2TP server settings:

  • Service: whether to enable the VPN service.
  • MPPE: when enabled, the VPN server requires 128-bit MPPE stateless encryption.
  • IP Range: the IP addresses to be assigned to VPN clients. (Must be a LAN subnet.)
  • Protocols: the supported auth protocols, which must be consistent with the VPN client settings.
  • Authtype:
    • "Local Auth": authenticate with the username and password of local accounts. Only "local users" with the "VPN" privilege have VPN access.
    • "Email Auth": send credentials to a POP/IMAP email server for authentication.
    • "Ldap Auth": send credentials to an LDAP server for authentication.
    • "Radius Auth": send credentials to a remote RADIUS server for authentication.
    • For "LDAP Auth" and "Email Auth", only the "pap" protocol is supported.
  • VPN type: choose the L2TP or PPTP VPN type.

  • If you want to assign a static IP and limit bandwidth for PPP clients, you need to set up "PPPoE Property" in the "Accounts" settings.

3 Online Users

You can click "online users" to check the live VPN clients, including IP address, RX and TX bandwidth, and so on. Move your mouse over the "kill" icon to terminate a session.

4 Multiple Subnets

A PPTP / L2TP client can belong to only one subnet. If your network has multiple subnets, you need to add a route on the client PC to access the other subnets. For example, the server side has two subnets, 192.168.10.x and 192.168.11.x, and PPTP works in 192.168.10.x. To access the other subnet, run the following command on the client:

route add 192.168.11.0 mask 255.255.255.0 192.168.10.1
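
The command above, generalized to any number of server-side subnets. This is an added example, not part of the original wiki page or of WFilter itself. The function name `client_routes` and the extra subnet `10.20.0.0/16` are assumptions for illustration; the gateway is assumed to be an address inside the VPN subnet, as in the page's own command.

```python
import ipaddress


def client_routes(vpn_subnet, gateway, server_subnets):
    """Build Windows `route add` commands for a VPN client.

    vpn_subnet     -- the LAN subnet the VPN IP range is taken from
    gateway        -- next hop on that subnet (192.168.10.1 in the page's example)
    server_subnets -- every subnet that exists on the server side
    """
    vpn_net = ipaddress.IPv4Network(vpn_subnet)  # strict: rejects host bits
    gw = ipaddress.IPv4Address(gateway)

    # The next hop must be on-link for the client, i.e. inside the VPN subnet,
    # otherwise the client has no way to reach it and the route is useless.
    if gw not in vpn_net:
        raise ValueError(f"gateway {gw} is not inside VPN subnet {vpn_net}")

    commands = []
    seen = set()
    for raw in server_subnets:
        net = ipaddress.IPv4Network(raw)
        if net in seen:
            continue  # ignore duplicates in the input list
        seen.add(net)
        # The client already reaches its own subnet (or any part of it)
        # directly, so no extra route is needed for it.
        if net.subnet_of(vpn_net):
            continue
        commands.append(
            f"route add {net.network_address} mask {net.netmask} {gw}"
        )
    return commands


if __name__ == "__main__":
    # Sample input: the two subnets from the page plus one constructed subnet.
    for cmd in client_routes(
        "192.168.10.0/24",
        "192.168.10.1",
        ["192.168.10.0/24", "192.168.11.0/24", "10.20.0.0/16"],
    ):
        print(cmd)
```

Routes added with `route add` are limited to the subnets listed, so the list passed in also documents which internal networks VPN clients are expected to reach.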

5 Firewall Rules

When PPTP / L2TP is enabled, a firewall ACL rule is added automatically. PPTP uses TCP port 1723; L2TP uses UDP port 1701.

6 FAQ
