From owner-freebsd-pf@FreeBSD.ORG Fri Jul 18 04:01:04 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C72E3106564A for ; Fri, 18 Jul 2008 04:01:04 +0000 (UTC) (envelope-from cbuechler@gmail.com) Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.171]) by mx1.freebsd.org (Postfix) with ESMTP id 85F838FC13 for ; Fri, 18 Jul 2008 04:01:04 +0000 (UTC) (envelope-from cbuechler@gmail.com) Received: by wf-out-1314.google.com with SMTP id 24so106354wfg.7 for ; Thu, 17 Jul 2008 21:01:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=go49OPBpmy1Z5rL6PdO5mlreblBpsPOfmQSGj1FM/MU=; b=hGTc/9q0ZLAP75un0Xl26aYkS6b2I45gYk6MEIvK8y2VVGftww/SXSWqg4Nfs95YUQ AiFKPEGC0yJZvAYriCplv32dPajg0vb33pnOgm7QD7/4C85NiqrzL606ioHHfstBlpU0 shendr8CDfuxJCw3F9bOj4AR6l2XNtFZDD1kk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=mFiRM1PSHI0H5FJgjrNxnaY5z+TF1gYctmfd2KzuuiAwNaM76QCq4bnSf92F40zjJR Z1cP6tkPJiCjKOkvVZqfTxRRxhAuq8ZCSR597q3mWhflry6ssBI1loHNZ6bztOn7KQjW cqNXCnFcbNjP+yInOLwM38shegJK9/8l+XV78= Received: by 10.142.143.7 with SMTP id q7mr951857wfd.3.1216352219262; Thu, 17 Jul 2008 20:36:59 -0700 (PDT) Received: by 10.143.43.4 with HTTP; Thu, 17 Jul 2008 20:36:59 -0700 (PDT) Message-ID: Date: Thu, 17 Jul 2008 23:36:59 -0400 From: "Chris Buechler" To: "Ansar Mohammed" In-Reply-To: <047001c8e87d$8078b710$816a2530$@com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <047001c8e87d$8078b710$816a2530$@com> Cc: freebsd-pf@freebsd.org Subject: Re: GRE Limitation X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jul 2008 04:01:04 -0000 On Thu, Jul 17, 2008 at 10:25 PM, Ansar Mohammed wrote: > Hello All, > I just read the following on the pfsense website: > > "PPTP and GRE Limitation - The state tracking code in pf for the GRE > protocol can only track a single session per public IP per external server. > This means if you use PPTP VPN connections, only one internal machine can > connect simultaneously to a PPTP server on the Internet. A thousand machines > can connect simultaneously to a thousand different PPTP servers, but only > one simultaneously to a single server. The only available work around is to > use multiple public IPs on your firewall, one per client, or to use multiple > public IPs on the external PPTP server. This is not a problem with other > types of VPN connections." > > Is this also true for stock FreeBSD with PF or just a pfsense issue? > That's true with every OS that runs pf, and anything based on any of those (including pfSense). Chris