Does the subnet you are trying to reach conflict with a subnet on the remote client LAN connection ?
Nope, 192.x.x.x/24 range at the site site and the remote VPN site is using a 10.x.x.x/24 range.
system -> diagnostics -> packet capture
to see if you packets are in fact being sent over the pptp vpn tunnel
interface will be ppp ( something )
then load that into wireshark and see if your client packets are arriving at the UTM device
I looked at the UTM's own logs and I can see the packets are arriving there, then being denied. Can't see a reference to a particular rule being applied.
You should contact support with the capture and the other diagnostics that support will ask for.
With the right diagnostics, support will be able to determine the issue.
Just to check, the subnet you are connecting too, does it conflict with a local subnet to the connecting clients LAN connection ?
No, different subnets. Tried from two separate remote sites - same problem.
I was able to solve the problem. Since first testing the VPN (where it worked fine) I'd subsequently installed VMware Workstation, which added its own virtual NIC used for NAT, with a 192.168.3.1/24 address - same as the remote site is using. I disabled that and - voila, it worked. Thanks for your help, got me thinking in the right mindset.
Yes, an inspection of the routing tables on a host can often explain 'weird' behaviour