25 May 12 15:57
Pretty much all I'm trying to accomplish is this: I have some contractors that need to make a secure connection to a bank. The bank will only accept connections from a listed static IP. All the contractors are working from home on dynamic IPs, so I was setting up a VPN for them to tunnel through on a static IP.

The reason I was going with pptpd is, as I understood it, in order to use OpenVPN on a Windows client machine you have to install an OpenVPN client to connect, but Windows has a built-in client that will connect to pptpd if it's configured correctly? If there is something different I should use other than pptpd I'm all ears, but I would rather not have one more piece of software to set up on all the client machines. Most are not local to me and I don't know how easy it's going to be to walk them through setting up the software themselves.

So I just got access to the server, and my big question is: when I set up pptpd or any other VPN software, it looks to me that I have to specify an IP for each VPN connection, but I have no control over the LAN it's on. So how do I reserve IP addresses for the VPN connections and direct them back out to the Internet? Here is an excerpt from pptpd's sample config:
# TAG: bcrelay <if>
# Turns on broadcast relay to clients from interface <if>
# TAG: localip
# TAG: remoteip
# Specifies the local and remote IP address ranges.
# Any addresses work as long as the local machine takes care of the
# routing. But if you want to use MS-Windows networking, you should
# use IP addresses out of the LAN address space and use the proxyarp
# option in the pppd options file, or run bcrelay.
# You can specify single IP addresses separated by commas or you can
# specify ranges, or both. For example:
# IMPORTANT RESTRICTIONS:
# 1. No spaces are permitted between commas or within addresses.
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
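
An added example, not part of the original post and not pptpd's own code: a Python check that expands a localip/remoteip value the way the four restrictions quoted above describe and rejects the forms they forbid. The function names are hypothetical, the 10.99.0.x addresses used to exercise it are constructed, and reading a range as "last octet from X to Y" is an assumption taken from restriction 3.

```python
import ipaddress

def expand_pool(spec, max_connections):
    """Expand a localip/remoteip value into the addresses that would be used."""
    # Restriction 1: no spaces between commas or within addresses.
    if any(ch.isspace() for ch in spec):
        raise ValueError("spaces are not permitted in the address list")
    pool = []
    for item in spec.split(","):
        base, dash, end = item.partition("-")
        first = ipaddress.IPv4Address(base)  # ValueError on a malformed address
        if not dash:
            pool.append(first)
            continue
        if not (end.isascii() and end.isdigit()) or int(end) > 255:
            raise ValueError(f"bad range end in {item!r}")
        start = int(first) & 0xFF  # last octet of the first address
        # Restriction 3: "234-8" is not 234..238; the end must be written in full.
        if int(end) < start:
            raise ValueError(f"{item!r}: write the full last octet, e.g. 234-238")
        pool.extend(first + i for i in range(int(end) - start + 1))
    # Restriction 2: addresses beyond MAX_CONNECTIONS are ignored.
    return [str(a) for a in pool[:max_connections]]

def tunnel_pairs(localip, remoteip, max_connections):
    """Return (local, remote) address pairs, one per simultaneous client."""
    local = expand_pool(localip, max_connections)
    remote = expand_pool(remoteip, max_connections)
    # Restriction 4: a single localip is reused for every client, but each
    # simultaneous client still needs its own remote IP.
    if len(local) == 1:
        local = local * len(remote)
    # Assumption: with several local IPs, pairs stop at the shorter list.
    return list(zip(local, remote))
```

The number of pairs returned is the number of contractors who can be connected at the same time with that configuration.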