From owner-freebsd-pf@FreeBSD.ORG Thu Nov 30 16:42:50 2006 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 96B1816A492 for ; Thu, 30 Nov 2006 16:42:50 +0000 (UTC) (envelope-from sullrich@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.169]) by mx1.FreeBSD.org (Postfix) with ESMTP id 770F444012 for ; Thu, 30 Nov 2006 16:35:47 +0000 (GMT) (envelope-from sullrich@gmail.com) Received: by ug-out-1314.google.com with SMTP id o2so1961330uge for ; Thu, 30 Nov 2006 08:35:37 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=lrp7wZ16MN3CwYwDGMQ6sYB/ga2h2YGhK9L5iJsYtlIuP9qJ5oFOFKgFY0wXbEOMeNXCTGONRD4x6LKBXTnvYPsDbj982Y7rXCK17RAOO+vqevjhOPCvHfhfvszmpZMAL/50J2mXVyHMhEsQWK78XC7k6CkGqo94aFF2Hrk6YCY= Received: by 10.82.129.8 with SMTP id b8mr848573bud.1164904537174; Thu, 30 Nov 2006 08:35:37 -0800 (PST) Received: by 10.82.177.12 with HTTP; Thu, 30 Nov 2006 08:35:37 -0800 (PST) Message-ID: Date: Thu, 30 Nov 2006 11:35:37 -0500 From: "Scott Ullrich" To: "Daniel Hartmeier" In-Reply-To: <20061130162048.GB31746@insomnia.benzedrine.cx> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <62972.217.12.197.82.1164883946.squirrel@sigma.interami.com> <6e6841490611300512t73dca3ddt106d58a3e63bc1f1@mail.gmail.com> <55273.217.12.197.82.1164898183.squirrel@sigma.interami.com> <6e6841490611300803y577338adqf52918ef13ca7605@mail.gmail.com> <20061130162048.GB31746@insomnia.benzedrine.cx> Cc: FreeBSD Subject: Re: PF-NAT X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Nov 2006 16:42:50 -0000 On 11/30/06, Daniel Hartmeier wrote: > On Thu, Nov 30, 2006 at 02:03:57PM -0200, Gilberto Villani Brito wrote: > > > Try change this options. > > None of those will help if you really want two concurrent PPTP > connections to the same external peer. > > pf doesn't look into the payload of PPTP packets and hence can't decide > which internal peer to dispatch incoming replies from the one external > peer to (there are no port numbers helping there, like in TCP). > > You can try a userland PPTP proxy, like > > http://freshmeat.net/projects/frickin/ > > There are no plans to integrate PPTP proxy support into pf. While > libalias_pptp and ng_nat look potentially helpful, you'd have to write > that patch yourself, or find a developer that is using PPTP (not me ;) The author of Frickin just repoted on the pfSense forums that a majority of the issues with the proxy have been resolved in the SVN/CVS version of Frickin. If you go this route you may want to use the latest codebase. Scott