Date:      Sat, 10 Sep 2011 07:45:38 +0200
From:      Daniel Hartmeier <daniel@benzedrine.cx>
To:        Mario Lobo <lobo@bsd.com.br>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: VPN  problem
Message-ID:  <20110910054538.GA29437@insomnia.benzedrine.cx>
In-Reply-To: <201109091646.15327.lobo@bsd.com.br>
References:  <201109091646.15327.lobo@bsd.com.br>

On Fri, Sep 09, 2011 at 04:46:15PM -0300, Mario Lobo wrote:

> Any suggestions?

Unlike most commercial NAT devices, pf is not aware of payload in PPTP
packets, which means it only supports a single PPTP connection between
your single external home address and the constant public work address
(i.e. demultiplexing incoming PPTP packets to the right local client is
based solely on IP addresses, and not any information inside the PPTP
payload, like a session ID or such).

Run pfctl -ss on the home NAT box and check that there is no unexpected
prior PPTP (GRE) state when you try to open yours.

If this is the problem, you can try a PPTP proxy. Or, yes, try ipfw,
but I think it's not PPTP payload-aware, either.

More details in an old thread
http://lists.freebsd.org/pipermail/freebsd-pf/2006-November/002834.html

If this is not the problem, you'll have to provide more details, like
tcpdump on the pf NAT box (on both external and internal interfaces)
while trying to establish a connection, run pfctl -vvss, pfctl -si
before and after, use 'set debug misc' and watch /var/log/messages, etc.

Daniel
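The check Daniel suggests above (run pfctl -ss on the NAT box and look for a prior GRE state toward the work address before opening your own PPTP session) as a small script. This is an added example, not code from the original message or from the pf project; the state lines it parses are constructed in the shape of pfctl -ss output, and the peer addresses are placeholders, not the poster's real addresses.

```shell
#!/bin/sh
# Added example: detect an already-existing GRE (PPTP data channel) state
# toward a PPTP server in pfctl -ss style output. Because pf tracks GRE
# by IP addresses only, a second internal client to the same server
# cannot be demultiplexed while such a state exists.

# Constructed sample shaped like `pfctl -ss` on a NAT gateway (not real
# output; 203.0.113.200 is the NAT external address, 198.51.100.7 the
# PPTP server, both placeholders).
SAMPLE_STATES='all tcp 203.0.113.200:61000 (192.168.1.10:54321) -> 198.51.100.7:1723       ESTABLISHED:ESTABLISHED
all gre 203.0.113.200 (192.168.1.10) -> 198.51.100.7       MULTIPLE:MULTIPLE
all tcp 203.0.113.200:61001 (192.168.1.11:49152) -> 198.51.100.7:1723       ESTABLISHED:ESTABLISHED
all udp 203.0.113.200:53012 (192.168.1.11:53012) -> 198.51.100.53:53       MULTIPLE:SINGLE'

# gre_states_to PEER: print the GRE state lines (read from stdin) whose
# destination address is PEER.
gre_states_to() {
    peer="$1"
    awk -v peer="$peer" '
        $2 == "gre" {
            for (i = 1; i <= NF; i++)
                if ($i == "->" && $(i + 1) == peer) print
        }'
}

# gre_state_count PEER: number of GRE states toward PEER, read from stdin.
gre_state_count() {
    gre_states_to "$1" | wc -l | tr -d ' '
}

# check_pptp_slot PEER: return 0 if no prior GRE state toward PEER exists
# (a new PPTP session can still be demultiplexed), 1 if one is present.
check_pptp_slot() {
    n=$(gre_state_count "$1")
    if [ "$n" -eq 0 ]; then
        echo "no existing GRE state to $1; PPTP slot is free"
        return 0
    fi
    echo "$n existing GRE state(s) to $1; a second client's session would collide"
    return 1
}

# On a real NAT box:  pfctl -ss | check_pptp_slot 198.51.100.7
# Offline demonstration with the constructed sample (status ignored so the
# loop continues past the colliding peer):
for peer in 198.51.100.7 198.51.100.8; do
    printf '%s\n' "$SAMPLE_STATES" | check_pptp_slot "$peer" || :
done
```

The awk filter keys only on the protocol column and the address after the arrow, so it works whether or not pf prints the translated internal address in parentheses; it deliberately ignores ports, since GRE has none, which is exactly why pf cannot tell two clients apart here.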


