PPTP

PPTP (Point-to-Point Tunneling Protocol) is one way of setting up a virtual private network. It originates from the PPP protocol, which was meant to be used between two end peers, whereas PPTP is designed for connections between a road warrior and a VPN gateway.

In Ingate Firewall, you can accept connections over PPTP from a road warrior. To other internal computers, this traffic will appear to originate from the internal network configured below. Ingate Firewall supports 100 simultaneous PPTP client connections.

To actually let traffic through, you also have to create rules for the connections on the Rules page under Rules and Relays. The rules should be for the network selected under Client IP addresses.

General

Here, you enable the PPTP server of Ingate Firewall and select the IP address to which clients should connect.

PPTP server status

Select whether the PPTP server should be On or Off. When the server is on, the firewall listens for connection attempts over TCP on port 1723, which makes this port unavailable for other use.

Which IP address should PPTP clients connect to?

Select one of the firewall's IP addresses (defined on the interface pages under Network). This is the IP address to which the PPTP clients should direct their connections.

Client network

You must assign a network to the connected PPTP clients. When a client connects, it will be assigned an IP address on the selected network. The clients must also have an endpoint to the tunnel, which is a firewall IP address on the same directly connected network as the assigned PPTP network.

PPTP local IP address

Select one of the firewall's IP addresses, which will act as an endpoint for the PPTP tunnel.

Client IP addresses

Select a network from which the PPTP clients will be assigned IP addresses for local usage. You select from the networks configured on the Networks and Computers page under Network. The network must not contain more than 100 IP addresses, and these addresses must be part of the same directly connected network as the PPTP local IP selected above.
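The two constraints above (at most 100 addresses, all on the same directly connected network as the PPTP local IP) can be checked before the pool is entered in the firewall. The following is an added example, not part of the Ingate documentation or software; the function name, the first/last range notation and the sample addresses are assumptions made for illustration.

```python
import ipaddress

MAX_PPTP_CLIENT_ADDRESSES = 100  # limit stated in the text above


def check_pptp_pool(first, last, local_ip, connected_network):
    """Return a list of problems with a planned PPTP client pool (empty = OK).

    first, last       -- inclusive bounds of the client address range (assumed notation)
    local_ip          -- firewall address chosen as "PPTP local IP address"
    connected_network -- CIDR of the directly connected network holding local_ip
    """
    lo = ipaddress.ip_address(first)
    hi = ipaddress.ip_address(last)
    local = ipaddress.ip_address(local_ip)
    net = ipaddress.ip_network(connected_network, strict=True)

    if lo > hi:
        return [f"range is reversed: {lo} > {hi}"]

    problems = []
    size = int(hi) - int(lo) + 1
    if size > MAX_PPTP_CLIENT_ADDRESSES:
        problems.append(
            f"pool holds {size} addresses, limit is {MAX_PPTP_CLIENT_ADDRESSES}")

    if local not in net:
        problems.append(f"PPTP local IP {local} is not on {net}")

    # A contiguous range lies inside the network exactly when both ends do.
    for addr in (lo, hi):
        if addr not in net:
            problems.append(f"client address {addr} is outside {net}")
    return problems


if __name__ == "__main__":
    # Constructed sample plans using documentation address ranges.
    plans = [
        ("192.0.2.100", "192.0.2.199", "192.0.2.1", "192.0.2.0/24"),
        ("192.0.2.100", "192.0.2.200", "192.0.2.1", "192.0.2.0/24"),
        ("198.51.100.10", "198.51.100.20", "192.0.2.1", "192.0.2.0/24"),
    ]
    for plan in plans:
        issues = check_pptp_pool(*plan)
        print(plan[0], "-", plan[1], "->", issues or "OK")
```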

Keep alive

The firewall can be made to send packets to the PPTP clients to check the PPTP connection. When a client has not responded to three consecutive packets, the connection is considered broken and the PPTP tunnel is removed.

The firewall uses LCP echo request packets for this. If you want to disable this feature, just leave the input field blank.

LCP echo request interval

Enter the interval at which the firewall should send LCP echo request packets to check PPTP connections. If you want to disable this feature, just leave the input field blank.

Client parameters

You can give the connected clients information about what DNS and/or WINS servers to use when accessing computers on the local network.

DNS

One or two DNS servers can be specified, which the clients can use to look up domain names.

WINS

One or two WINS servers can be specified, which the clients can use to access Windows computers.

Authentication

Specify which users can connect to the firewall using PPTP.

User

Enter the name of the user who is allowed to connect.

Password

Each user must authenticate with a password. Press Change to enter the password for this user.

Enabled

Select whether PPTP connections with this user should be enabled (On) or not (Off).

Delete row

If you select this box, the row is deleted when you click on Add new rows or Save.

Add new rows

Enter the number of new rows you want to add to the table, and then click on Add new rows.

Logging

Select here how the negotiation and tunnel traffic should be logged. Choose between the log classes configured on the Log classes page under Logging.

The same settings can also be found on the Logging Configuration page under Logging.

Log class for PPTP negotiations

The firewall generates log messages about the progress of the PPTP negotiations. Here, you select a log class for these messages.

Log class for PPTP packets

PPTP clients wanting to establish a VPN tunnel connect to the firewall on port 1723. Here, you select a log class for these packets.

Log class for GRE packets

The encrypted traffic through the VPN tunnel is sent as GRE packets. Here, you select a log class for these packets.

Save

Saves the PPTP configuration to the preliminary configuration.

Undo

Clears and resets all fields in new rows and resets changes in old rows.