Technical Tip: PPTP VPN in FortiOS 5.2
Description
This article describes how to configure a PPTP VPN on FortiGate with FortiOS 5.2.
Requirement:
1) Specify the address group you want to access.
2) Configure the PPTP user.
3) Assign the user to a desired group if needed.
4) Create a policy to allow traffic using the PPTP tunnel.
5) Create a policy to allow the PPTP to also have access to the Internet if needed.
6) Configure the PPTP VPN on FortiGate via the CLI.
7) Set up your PC to establish the PPTP connection - Windows 8.
For more information about PPTP VPN and its configuration, refer to this document.
Scope
FortiOS 5.2.x
Solution
Steps to follow:
1) Specify the address group you want to access:
- A loopback interface can be used to represent the internal IP segment for testing:
# config system interface
edit "loopback1"
set vdom "root"
set ip X.X.X.X 255.255.255.0
set allowaccess ping https ssh http
set type loopback
set snmp-index 4
end
# config firewall address
edit "access_range"
set subnet X.X.X.X 255.255.255.0
next
edit "pptp_range"
set type iprange
set start-ip 10.10.10.1
set end-ip 10.10.10.10
end
2) Configure the PPTP user:
# config user local
edit <username>
set type password
set passwd-time 2018-09-21 13:00:00
set passwd <password>
next
end
3) Assign the user to a desired group if needed:
# config user group
edit <group_name>
set group-type firewall
set member <user_names>
next
end
4) Create a policy to allow traffic using the PPTP tunnel:
# config firewall policy
edit 0
set srcintf wan1 (<interface to internet>)
set dstintf "loopback1" (<interface to internal network>)
set srcaddr "pptp_range" (<reserved_range>)
set dstaddr "access_range" (<internal_addresses>)
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set nat enable
next
5) Create a policy to allow the PPTP to also have access to the Internet if needed:
edit 3
set srcintf "wan1"
set dstintf "wan1"
set srcaddr "pptp_range"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set nat enable
next
end
6) Configure the PPTP VPN on FortiGate via the CLI:
# config vpn pptp
set status enable
set ip-mode range
set eip 10.10.10.10
set sip 10.10.10.1
set usrgrp <group_name>
end
7) Set up your PC to establish the PPTP connection - Windows 8:
a) Go to the Control Panel
b) Click on "View Network Status and Tasks"
c) Click on "Set up a new connection or network"
d) Click on "Connect to a workplace", then click Next
e) Click on "Use my Internet Connection (VPN)"
f) For Internet Address, enter FortiGate's IP.

h) In the network connections screen, locate the PPTP connection that has just been created, right-click on it, and choose Properties -> Networking, and then specify the DNS for Internet access.
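Steps 1 and 6 define the same client range twice, once as the "pptp_range" address object and once as sip/eip under config vpn pptp, and the policies in steps 4 and 5 only match tunnel clients when the two agree. The Python check below is an added example, not part of the original article or any Fortinet tool; it assumes flat config/edit/set text with no nested config blocks, the names parse and check_pptp are hypothetical, and the sample configuration is constructed.

```python
import ipaddress
import shlex

# Constructed sample in the shape of steps 1, 4 and 6 (not a real export).
SAMPLE = """
config firewall address
edit "pptp_range"
set start-ip 10.10.10.1
set end-ip 10.10.10.10
next
end
config firewall policy
edit 1
set srcaddr "pptp_range"
next
end
config vpn pptp
set eip 10.10.10.10
set sip 10.10.10.1
end
"""

def parse(text):
    """Flat config/edit/set/next/end text -> {section: {entry: {key: [values]}}}."""
    tree, section, entry = {}, None, ""
    for line in text.splitlines():
        tok = shlex.split(line.lstrip("# ")) or [""]  # drop the article's "# " prompt
        if tok[0] == "config":
            section, entry = " ".join(tok[1:]), ""  # "" holds settings set directly in a section
        elif tok[0] == "edit" and len(tok) > 1:
            entry = tok[1]
        elif tok[0] == "set" and section and len(tok) > 2:
            tree.setdefault(section, {}).setdefault(entry, {})[tok[1]] = tok[2:]
    return tree

def check_pptp(tree, name="pptp_range"):
    """Return findings; an empty list means pool, address object and policy agree."""
    pptp = tree.get("vpn pptp", {}).get("", {})
    addr = tree.get("firewall address", {}).get(name, {})
    try:
        pool = [ipaddress.ip_address(pptp[k][0]) for k in ("sip", "eip")]
        obj = [ipaddress.ip_address(addr[k][0]) for k in ("start-ip", "end-ip")]
    except (KeyError, ValueError):
        return ["PPTP pool or address object %s is missing or malformed" % name]
    out = []
    if pool != obj:
        out.append("pool %s-%s differs from %s %s-%s" % (*pool, name, *obj))
    if not any(name in p.get("srcaddr", []) for p in tree.get("firewall policy", {}).values()):
        out.append("no firewall policy uses %s as srcaddr" % name)
    return out
```

Run check_pptp(parse(text)) on the relevant blocks copied from the CLI; a mismatch means either some clients receive addresses that no policy matches, or the policy accepts source addresses the tunnel never assigns.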
