PPTP "fixup" for FreeBSD NAT Router
Scott Ullrich
sullrich at gmail.com
Wed Oct 31 08:41:25 PDT 2007
On 10/31/07, Rob Shepherd <rob at techniumcast.com> wrote:
> Dear FreeBSD PF users,
>
> We have Cisco FWSM software v2.3 which doesn't pass PPTP traffic due to it not
> being able to extract the GRE session information. Grrr.... Enterprise grade my
> *rse!
>
> Nevertheless, I am intrigued to see if I can provide an alternate route for a
> customers PPTP connection through a FreeBSD router.
>
> I'll VLAN interface on to their LAN, NAT as usual to a public IP, but I would
> like to inquire (before I commence my setup) if...
>
> 1. FreeBSD NAT (PF) will pass PPTP
> 2. if (1), will it support multiple PPTP sessions (multiple clients to common
> remote VPN server)
PF does not have PPTP session handling code. You could try using a
proxy such as frickin-pptp[1] (yes, that is really it's name) that
should keep state on the GRE traffic much better but the last time I
tried to use this daemon it had issues on FreeBSD which the author was
aware of but did not know how to fix.
[1] http://sourceforge.net/projects/frickin/
Scott
Scott
More information about the freebsd-pf
mailing list