Advanced Device Configuration > Address Configuration for Connected Devices > Example 2: Two Private Subnets and VPN Configuration > PPTP VPN Configuration for Example 2

PPTP VPN Configuration for Example 2
After the private subnets, device, and user account configuration in Two Private Subnets and User Configuration for Example 2 is completed, a VPN connection must be created. This example shows the configuration steps that must be performed by the OnBoard administrator and by a user on a remote workstation for setting up an PPTP VPN connection1 that would enable the authorized user “allSps” to access “sp1,” “sp2,” “sp3,” and “sp4.”
The OnBoard administrator must do the following to enable the PPTP client:
The following screen example shows an example PPTP configuration on the Network Æ VPN connections screen.
PPTP VPN Configuration Example: Address Pools
PPTP VPN Configuration Example: Address Pools shows the following address pools:
Note: The address pools’ IP addresses can be assigned arbitrarily. Make sure that none of the addresses assigned here are being used elsewhere on your network.
The following figure shows an example PPTP configuration on the Config Æ Users and groups screen.
PPTP User Configuration Example
Note: The user can be configured for PPTP alone or for both PPP/PPTP.
The user has the PPTP password if it is different from the password that authenticates the user for access to the OnBoard.
The authorized user must do the following:
The user can test whether the user’s workstation can access the OnBoard by entering the OnBoard’s public IP address in a browser to try to bring up the Web Manager.
Use the PPTP client on the workstation to create the PPTP VPN connection profile, entering the following:
Enter the ifconfig or ipconfig command on the command line of the user’s workstation to discover the IP address assigned to the OnBoard’s end of the PPTP VPN tunnel.
When the PPTP tunnel is being activated, the OnBoard chooses an IP address from each of the address pools for the endpoints of the PPTP link. The client’s end of the point-to-point link receives an address from the remote address pool, and the OnBoard receives an address from the local address pool. Usually the first connection obtains the first address from each pool, so the client would be 192.168.3.1 and the OnBoard would be 192.168.2.1.
Enter the OnBoard’s PPTP-assigned address either in a browser or with ssh on the command line to access the OnBoard. In this example the address would be 192.168.2.1.
Create a static route to inform the workstation that the devices to be contacted are at the other end of the point-to-point link.
In this example, to communicate with “sp1” and “sp2,” a route would needed to “sub1,” which has the network IP address 192.168.1.0 as shown below:
To communicate with “sp3” and “sp4,” a route would needed to “sub2,” which has the network IP address 192.168.4.0 as shown below:
See Enabling Native IP and Accessing a Device’s Native Features Using Real IP Addresses for Example 2.

1
A VPN connection must exist before a user can access native IP management features on a device.


Advanced Device Configuration > Address Configuration for Connected Devices > Example 2: Two Private Subnets and VPN Configuration > PPTP VPN Configuration for Example 2