Date: Mon, 16 Jan 2006 11:14:08 -0500 From: Scott Ullrich <sullrich@gmail.com> To: Alexander Vyrlanovich <iskander@apple-park.kiev.ua> Cc: freebsd-pf@freebsd.org Subject: Re: pf and pptp Message-ID: <d5992baf0601160814h3a1c7493hf82d81145508b0b7@mail.gmail.com> In-Reply-To: <4007E994-E349-44D4-9356-9DF1A5E1098E@apple-park.kiev.ua> References: <4007E994-E349-44D4-9356-9DF1A5E1098E@apple-park.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1/16/06, Alexander Vyrlanovich <iskander@apple-park.kiev.ua> wrote: > Last week I moved my firewall from ipfw to pf on a gateway (FreeBSD > RELENG_6_0 i386). > All work fine except nat'ed pptp connections. Only one PC client can > establish > pptp VPT at the same time. After some google search I found this > article: http://www.benzedrine.cx/pf/msg04961.html. > > Can anybody confirm, that situation with nating GRE packets with PF > still > persist or there is something wrong with my firewall rules? Yep, this is a known limitation. We've been looking around for a PPTP proxy helper to no avail. Frickin PPTP seems about the closest match but would require some modifications to make it work correctly. We see the same problems with pfSense often. Scott
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d5992baf0601160814h3a1c7493hf82d81145508b0b7>