I have a couple of LANs I'm trying to connect over the internet by way of a PPTP tunnel between a Unifi USG on one side and a Synology NAS running DSM on the other.
Update: it's been helpfully pointed out that PPTP is insecure - however, there are external considerations that preclude me from using OpenVPN or L2TP/IPsec, at least for now.
For reference, here's a diagram of the two networks:
I set up the VPN Server package on DSM like so:
The local subnet for the DSM box is 192.168.0.0/24.
On the USG, whose WAN address is 10.0.0.95 (natted) and local subnet is 192.168.1.0/24, I configured a PPTP client like so:
When I save this configuration and the USG is provisioned, the PPTP client connects successfully to DSM:
After adding a firewall rule on the USG to accept all traffic from the PPTP network, I can open an ssh connection in both directions (i.e., ssh to USG from the DSM NAS, and then ssh back to the NAS from the USG), so I'm certain that the tunnel itself is working.
I can also ping the NAS from the USG.
But this is where I'm a bit stumped: I want to be able to route traffic through this tunnel from 192.168.0.0/24 to 192.168.1.0/24 (and vice versa, but that's less important). On the NAS I have this routing table:
But ping 10.0.7.1 fails (although traceroute 10.0.7.1 seems to get a response, which confuses me).
On the USG, I have the following routes:
But I can't traceroute 192.168.1.7 (for example) from the NAS.
Does anyone have any suggestions as to why the PPTP tunnel would work, but my routes fail to route traffic through it?
Update: cross-post on Ubnt community forum: https://community.ubnt.com/t5/UniFi-Routing-Switching/ICMP-routing-not-working-over-PPTP-Client/m-p/2194121#M72278