This chapter describes how to enable PPTP and configure its basic settings and access control.
Open the Remote Access > PPTP > Global tab.
Enable PPTP remote access by clicking the Enable button.
The toggle switch turns amber and the page becomes editable.
Make the following settings:
Authentication via: Select the authentication method.
PPTP remote access supports Local and RADIUS authentication. For users using other authentication methods, remote access via PPTP will not work. You can use RADIUS authentication if you have defined a RADIUS server on the Definitions & Users > Authentication Servers > Servers tab. The RADIUS server must support MS-CHAPv2 challenge-response authentication. The server can pass back parameters such as the client's IP address and DNS/WINS server addresses. The PPTP module sends the following string as NAS-ID to the RADIUS server: pptp. Note that when RADIUS authentication is selected, local users can no longer be authenticated with PPTP.
Cross Reference – The configuration of the Microsoft IAS RADIUS server and the configuration of RADIUS within WebAdmin is described in the UTM administration guide in chapter Definitions & Users.
Users and groups: When using Local authentication, please also select the users or groups that should be able to use PPTP remote access.
Assign IP addresses by: The IP addresses can either be assigned from a predefined IP address pool during the dial-up or can be automatically requested from a DHCP server.
Pool network: The default settings assign addresses from the private IP space 10.242.1.x/24. This network is called the VPN Pool (PPTP). If you wish to use a different network, simply change the definition of the VPN Pool (PPTP) on the Definitions & Users > Network Definitions page. Alternatively, you can create another IP address pool by clicking the Plus icon.
Note – If you wish the PPTP-connected users to be allowed to access the Internet, you additionally need to define appropriate Masquerading or NAT rules.
DHCP server: Select the DHCP server here. Please note that the local DHCP server is not supported. The DHCP server to be specified here must be running on a physically different system. Clicking the Folder icon opens a list that displays all networks and hosts that have been defined on the Definitions & Users > Network Definitions page.
Via interface: Define the network card through which the DHCP server is connected. Note that the DHCP server does not have to be directly connected to the interface; it can also be accessed through a router.
Click Apply to save your settings.
The toggle switch turns green. PPTP is active now.
Cross Reference – More detailed information on the configuration of remote access and detailed explanations of the individual settings can be found in the UTM administration guide in chapter Remote Access.
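To confirm on the RADIUS side that a request really originates from the PPTP module and carries MS-CHAPv2 material, as described under Authentication via, the following added example (not part of the Sophos documentation) parses an Access-Request and checks the NAS-ID and the Microsoft vendor-specific attributes. The function names and the sample packet are constructed for illustration; the attribute numbers are those of RFC 2865 and RFC 2548.

```python
import struct

NAS_IDENTIFIER, VENDOR_SPECIFIC = 32, 26           # RFC 2865 attribute types
MS_VENDOR_ID = 311                                 # Microsoft (RFC 2548)
MS_CHAP_CHALLENGE, MS_CHAP2_RESPONSE = 11, 25      # RFC 2548 vendor types

def parse_attributes(packet):
    """Yield (type, value) for each attribute, validating every length field."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad packet length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def classify(packet):
    """Report whether the request carries NAS-ID 'pptp' and MS-CHAPv2 material."""
    nas_id, ms = None, {}
    for atype, value in parse_attributes(packet):
        if atype == NAS_IDENTIFIER:
            nas_id = value.decode("ascii", "replace")
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if vendor == MS_VENDOR_ID and 2 <= vlen <= len(value) - 4:
                ms[vtype] = value[6:4 + vlen]
    # MS-CHAPv2 needs a 16-byte challenge and a 50-byte MS-CHAP2-Response
    mschapv2 = (len(ms.get(MS_CHAP_CHALLENGE, b"")) == 16
                and len(ms.get(MS_CHAP2_RESPONSE, b"")) == 50)
    return {"from_pptp": nas_id == "pptp", "mschapv2": mschapv2}

def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def ms_vsa(vtype, value):
    return attr(VENDOR_SPECIFIC, struct.pack("!IBB", MS_VENDOR_ID, vtype, len(value) + 2) + value)

def sample_request(nas_id=b"pptp", with_mschapv2=True):
    """Constructed Access-Request with zeroed challenge/response fields (not a capture)."""
    body = attr(1, b"alice") + attr(NAS_IDENTIFIER, nas_id)
    if with_mschapv2:
        body += ms_vsa(MS_CHAP_CHALLENGE, bytes(16)) + ms_vsa(MS_CHAP2_RESPONSE, bytes(50))
    return struct.pack("!BBH", 1, 7, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    print(classify(sample_request()))
```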
© 2019 Sophos Limited
Sophos UTM 9.600