This solution applies to Barracuda SSL VPN Firmware 2.1 and Newer.
As of firmware 2.1 the SSL VPN includes a PPTP service. Adding a PPTP server to the SSL VPN allows the SSL VPN to take on an additional role in managing the connections that can be made into the Corporate Network.
PPTP can easily be configured in the Resources > PPTP Servers page. Select the Configure PPTP Server option and a new window is displayed. Two options need to be set:
- IP Address Range Start - The first IP address in the IP Range that IPsec will use to assign to clients
- IP Address Range End - The last IP address in the IP range that IPsec will use to assign to clients
Next, the policies of the users that will access PPTP need to be set. Only one PPTP server can be configured and it will be available to all user databases, so all policies will be available. This will complete the server configuration.
The process for connecting a client to the SSL VPN over PPTP will vary depending on the client in use; not all clients may be able to connect. Nonetheless, the following actions should be true for all clients:
- Use the Internet connection of the system to establish a VPN connection.
- The address should be that of the SSL VPN.
- When prompted for credentials provide the user credentials for the SSL VPN.
- The user must have logged into the SSL VPN UI at least once previously in order to be able to login via PPTP; this is so that the PPTP service can verify the username and password.
Some of the advantages of using PPTP are:
- It allows a full network connection from client to LAN without the need for a TAP driver
- PPTP is supported by iPhone, iPad (iOS 9.3.5 or lower), and many other mobile devices
- No Java required
The following are the ports that these services utilize, and therefore will need to be opened on any firewall:
- TCP 1723 + protocol 47 (GRE)