
PPTP VPN on ERPro‑8 with load balancing

I'm not sure if there is something I need to add to the config to get this to work. I am guessing it might have something to do with the fact that I have load balancing running, only because that is the only additional factor that I seem to have from all the documentation I have looked at on this subject.

I have a basic VPN config like this:

    vpn {
        pptp {
            remote-access {
                authentication {
                    local-users {
                        username test {
                            password testimoney#1
                        }
                    }
                    mode local
                }
                client-ip-pool {
                    start 10.10.10.200
                    stop 10.10.10.209
                }
                dns-servers {
                    server-1 10.10.10.2
                    server-2 8.8.8.8
                }
                mtu 1500
                outside-address [external ip address]
            }
        }
    }

These rules in the WAN_LOCAL:

    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            log disable
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action accept
            description "PPTP port 1723"
            destination {
                port 1723
            }
            log disable
            protocol tcp
        }
        rule 30 {
            action accept
            description "PPTP gre protocol"
            log disable
            protocol gre
        }
        rule 40 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }

And this on the balance pool:

    modify balance {
        description "load balance interface pool"
        rule 10 {
            action modify
            description "do NOT load balance lan to lan"
            destination {
                group {
                    network-group PRIVATE_NETS
                }
            }
            modify {
                table main
            }
        }
        rule 20 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_eth0
                }
            }
            modify {
                table main
            }
        }
        rule 30 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_eth1
                }
            }
            modify {
                table main
            }
        }
        rule 100 {
            action modify
            modify {
                lb-group G
            }
        }
    }

Ideas?