Multiple simultaneous outgoing PPTP VPNs

Hi all!

I manage IT for a small to mid-sized office with about 70 users. For some years now I have used a pfSense box for all my network needs: VLANs, VPNs, etc.

Most of my colleagues give IT support to remote systems, and unfortunately a few of our clients still use PPTP VPN gateways, which are about the only problem I can't resolve with the pfSense firewall. For those who don't know (and correct me if I'm wrong), you "can't have" more than one workstation dial a PPTP VPN to the same destination server from behind the same NAT. I put "can't have" in quotes because you can have 1:1 outbound NAT using multiple public IPs, which I really can't use in my case.

https://www.netgate.com/docs/pfsense/vpn/pptp-troubleshooting.html

Since I don’t control the IT of our clients, PPTP VPNs will be a reality for me for a while.

I created this post to maybe find a workaround for this behind a pfSense firewall, something like using a different router for all the outgoing PPTP VPNs? (Don't make fun of me: right now I'm using some LAN cables spread through the office that go to a small home Thompson router; this way I can have at least two colleagues connected to the same PPTP server.)

Thank you!

Best regards,

John

Without either switching to a different VPN protocol, or using different public IP addresses for different workstations, you are limited to one connection at a time.

You can't have multiple workstations behind the same NAT firewall open multiple PPTP tunnels to the same PPTP server. This is because PPTP uses GRE instead of TCP or UDP for the actual traffic. GRE doesn't have the concept of port numbers, and the traffic itself is encrypted, so pfSense (or any other firewall) has no way of knowing what inbound traffic should be forwarded to which workstation.

It's possible to create a site-to-site PPTP VPN, which allows multiple workstations to use the same tunnel, but it requires configuration on both ends, and if you were going to that trouble you should switch to a more robust VPN solution like IPsec or OpenVPN instead.

People often set up PPTP because it's simple to configure and widely supported. But it has also been shown to be very broken for a while now and shouldn't be used when there are so many better options available.
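To make the "GRE has no ports" point concrete, here is a toy model of a port-translating NAT state table. It is an added example, not code from either poster and not pfSense or pf code; the addresses (10.0.0.x workstations, 203.0.113.10 public IP, 198.51.100.x PPTP servers) and the port range are assumptions. TCP/1723 control connections from two workstations get distinct translated source ports, so replies find their way back; the GRE data path has nothing to translate, so the table can hold only one entry per (public IP, server) pair and the second workstation's tunnel cannot get state.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed toy model of a PAT (overloaded NAT) state table.
# Not pfSense/pf code: it only shows why two inside hosts cannot both
# reach the same PPTP server through one public address.
PUBLIC_IP = "203.0.113.10"   # assumed public address (documentation range)


@dataclass(frozen=True)
class Packet:
    proto: str                    # "tcp", "udp" or "gre"
    src: str
    dst: str
    sport: Optional[int] = None   # None for GRE: the protocol has no ports
    dport: Optional[int] = None


# State key: (proto, remote_ip, remote_port, translated_port).
# For TCP/UDP the translated port is what lets many inside hosts share one IP.
Key = Tuple[str, str, Optional[int], Optional[int]]


class Nat:
    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        self.table: Dict[Key, Tuple[str, Optional[int]]] = {}

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate inside->outside; returns None if no state can be created."""
        if pkt.proto in ("tcp", "udp"):
            tport = self.next_port
            self.next_port += 1
            self.table[(pkt.proto, pkt.dst, pkt.dport, tport)] = (pkt.src, pkt.sport)
            return Packet(pkt.proto, self.public_ip, pkt.dst, tport, pkt.dport)
        if pkt.proto == "gre":
            # Nothing to rewrite: after translation the only distinguishing
            # fields are (gre, public_ip, server_ip), so one entry per server.
            key: Key = ("gre", pkt.dst, None, None)
            owner = self.table.get(key)
            if owner is not None and owner[0] != pkt.src:
                return None       # another workstation already owns this state
            self.table[key] = (pkt.src, None)
            return Packet("gre", self.public_ip, pkt.dst)
        raise ValueError(f"unsupported protocol {pkt.proto}")

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map outside->inside back to the owning host, or None if no state."""
        if pkt.proto in ("tcp", "udp"):
            entry = self.table.get((pkt.proto, pkt.src, pkt.sport, pkt.dport))
        elif pkt.proto == "gre":
            entry = self.table.get(("gre", pkt.src, None, None))
        else:
            return None
        if entry is None:
            return None
        inside_ip, inside_port = entry
        return Packet(pkt.proto, pkt.src, inside_ip, pkt.sport, inside_port)


def pptp_demo(server: str = "198.51.100.1") -> Dict[str, object]:
    """Two workstations dial PPTP to the same server through one NAT."""
    nat = Nat(PUBLIC_IP)
    ws_a, ws_b = "10.0.0.5", "10.0.0.6"   # assumed inside hosts
    # Phase 1: TCP/1723 control channels. Both succeed: ports demultiplex them.
    ctl_a = nat.outbound(Packet("tcp", ws_a, server, 51001, 1723))
    ctl_b = nat.outbound(Packet("tcp", ws_b, server, 51002, 1723))
    reply_b = nat.inbound(Packet("tcp", server, PUBLIC_IP, 1723, ctl_b.sport))
    # Phase 2: GRE carries the PPP frames. Only the first host gets state.
    gre_a = nat.outbound(Packet("gre", ws_a, server))
    gre_b = nat.outbound(Packet("gre", ws_b, server))
    gre_reply = nat.inbound(Packet("gre", server, PUBLIC_IP))
    # Host B to a *different* PPTP server is fine: the server IP differs.
    gre_b_other = nat.outbound(Packet("gre", ws_b, "198.51.100.2"))
    return {
        "control_ports_distinct": ctl_a.sport != ctl_b.sport,
        "control_reply_to_b": reply_b is not None and reply_b.dst == ws_b,
        "gre_a_ok": gre_a is not None,
        "gre_b_ok": gre_b is not None,
        "gre_reply_goes_to": gre_reply.dst if gre_reply else None,
        "gre_b_other_server_ok": gre_b_other is not None,
    }


if __name__ == "__main__":
    for name, value in pptp_demo().items():
        print(f"{name}: {value}")
```

The model refuses the second GRE tunnel outright; a real firewall may instead drop it or let it clobber the first host's state, but the outcome the reply describes is the same: with one public IP, only one workstation's GRE return traffic can be delivered per PPTP server. Giving each workstation its own public IP (1:1 outbound NAT) changes the `public_ip` part of the key, which is why that workaround works.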