Date: Wed, 31 Oct 2007 10:45:15 -0400
From: "Scott Ullrich" <sullrich@gmail.com>
To: "Rob Shepherd" <rob@techniumcast.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: PPTP "fixup" for FreeBSD NAT Router
Message-ID: <d5992baf0710310745k2d4a08c8kc2ba7af8e6bdcab7@mail.gmail.com>
In-Reply-To: <472871EC.9040509@techniumcast.com>
References: <472871EC.9040509@techniumcast.com>

On 10/31/07, Rob Shepherd <rob@techniumcast.com> wrote:
> Dear FreeBSD PF users,
>
> We have Cisco FWSM software v2.3 which doesn't pass PPTP traffic due to it not
> being able to extract the GRE session information. Grrr.... Enterprise grade my
> *rse!
>
> Nevertheless, I am intrigued to see if I can provide an alternate route for a
> customer's PPTP connection through a FreeBSD router.
>
> I'll VLAN interface on to their LAN, NAT as usual to a public IP, but I would
> like to inquire (before I commence my setup) if...
>
> 1. FreeBSD NAT (PF) will pass PPTP
> 2. if (1), will it support multiple PPTP sessions (multiple clients to common
> remote VPN server)

PF does not have PPTP session handling code. You could try using a
proxy such as frickin-pptp[1] (yes, that is really its name) that
should keep state on the GRE traffic much better, but the last time I
tried to use this daemon it had issues on FreeBSD which the author was
aware of but did not know how to fix.

[1] http://sourceforge.net/projects/frickin/

Scott
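
Added example, not part of the original message and not code from PF or frickin: a sketch of the "GRE session information" discussed in this thread, parsing PPTP's enhanced GRE header (RFC 2637) and using its Call ID to tell apart several clients talking to one VPN server. The `PptpNatState` class, `build_gre` helper, addresses and Call IDs are hypothetical and constructed for illustration.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # protocol type of PPTP's enhanced GRE (RFC 2637)

def parse_pptp_gre(pkt: bytes) -> dict:
    """Parse an enhanced GRE header (IP header already stripped)."""
    if len(pkt) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", pkt[:8])
    # Version must be 1 and the K (key present) flag must be set.
    if (flags & 0x0007) != 1 or proto != PPTP_GRE_PROTO or not (flags & 0x2000):
        raise ValueError("not PPTP enhanced GRE (version 1, key present)")
    fields = {"call_id": call_id, "payload_len": payload_len, "seq": None, "ack": None}
    offset = 8
    for name, bit in (("seq", 0x1000), ("ack", 0x0080)):  # S flag, then A flag
        if flags & bit:
            if len(pkt) < offset + 4:
                raise ValueError("truncated %s field" % name)
            fields[name] = struct.unpack("!I", pkt[offset:offset + 4])[0]
            offset += 4
    fields["payload"] = pkt[offset:offset + payload_len]
    return fields

class PptpNatState:
    """Hypothetical inbound table: (server IP, Call ID) -> inside client."""
    def __init__(self):
        self.sessions = {}

    def learn(self, server_ip, call_id, client_ip):
        # Assumption: a real helper learns this from the TCP/1723 control channel.
        owner = self.sessions.setdefault((server_ip, call_id), client_ip)
        if owner != client_ip:
            # GRE has no ports, so two clients cannot share a Call ID unrewritten.
            raise KeyError("Call ID %d already used by %s" % (call_id, owner))

    def route_inbound(self, server_ip, gre_pkt):
        """Return the inside client for a GRE packet from the server, or None."""
        return self.sessions.get((server_ip, parse_pptp_gre(gre_pkt)["call_id"]))

def build_gre(call_id, seq, payload=b"\x00"):
    """Constructed sample packet: K and S flags set, version 1."""
    header = struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO, len(payload), call_id, seq)
    return header + payload
```

A NAT that only tracks addresses and ports has no key like this for GRE, which is why multiple clients behind one public IP to a common server need PPTP-aware state.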