GRE Limitation

Ansar Mohammed ansarm at gmail.com
Fri Jul 18 03:48:08 UTC 2008


Is this like "a known bug" that's being fixed or is this "by design" and we
have to deal with it?

> -----Original Message-----
> From: Chris Buechler [mailto:cbuechler at gmail.com]
> Sent: July 17, 2008 11:37 PM
> To: Ansar Mohammed
> Cc: freebsd-pf at freebsd.org
> Subject: Re: GRE Limitation
> 
> On Thu, Jul 17, 2008 at 10:25 PM, Ansar Mohammed <ansarm at gmail.com> wrote:
> > Hello All,
> > I just read the following on the pfsense website:
> >
> > "PPTP and GRE Limitation - The state tracking code in pf for the GRE
> > protocol can only track a single session per public IP per external
> > server. This means if you use PPTP VPN connections, only one internal
> > machine can connect simultaneously to a PPTP server on the Internet. A
> > thousand machines can connect simultaneously to a thousand different
> > PPTP servers, but only one simultaneously to a single server. The only
> > available work around is to use multiple public IPs on your firewall,
> > one per client, or to use multiple public IPs on the external PPTP
> > server. This is not a problem with other types of VPN connections."
> >
> > Is this also true for stock FreeBSD with PF or just a pfsense issue?
> >
> 
> That's true with every OS that runs pf, and anything based on any of
> those (including pfSense).
> 
> Chris
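
An added example, not part of the original thread and not pf's code: a toy NAT state table showing why the limitation quoted above appears and why the multiple-public-IP workaround avoids it. The state key layout, the class and function names, and all addresses are assumptions constructed for illustration.

```python
from itertools import count

class NatStateTable:
    """Toy NAT state table; a model of the quoted behaviour, not pf code."""

    def __init__(self, public_ips):
        self.public_ips = list(public_ips)
        self.assigned = {}            # internal client -> public IP
        self.states = {}              # state key -> internal client
        self._ports = count(50000)    # constructed NAT source-port pool

    def _public_ip(self, client):
        # Clients take public IPs in order of arrival; with a single
        # address every client shares it.
        nxt = self.public_ips[len(self.assigned) % len(self.public_ips)]
        return self.assigned.setdefault(client, nxt)

    def connect(self, proto, client, server):
        """Return True if this client owns a state for the flow."""
        pub = self._public_ip(client)
        if proto == "tcp":
            # A translated source port makes each TCP state key unique.
            key = (proto, pub, next(self._ports), server)
        else:
            # Assumption: the GRE key has no per-session field, so it is
            # only (protocol, public IP, server IP).
            key = (proto, pub, server)
        return self.states.setdefault(key, client) == client

def tracked_gre(pairs, public_ips):
    """pairs: (client, server) tuples. Return clients whose GRE state exists."""
    table = NatStateTable(public_ips)
    return [c for c, s in pairs if table.connect("gre", c, s)]

if __name__ == "__main__":
    ONE, TWO = ["203.0.113.1"], ["203.0.113.1", "203.0.113.2"]
    same = [("10.0.0.11", "198.51.100.5"), ("10.0.0.12", "198.51.100.5")]
    diff = [("10.0.0.11", "198.51.100.5"), ("10.0.0.12", "198.51.100.6")]
    print("one public IP, same server:   ", tracked_gre(same, ONE))
    print("one public IP, two servers:   ", tracked_gre(diff, ONE))
    print("two public IPs, same server:  ", tracked_gre(same, TWO))
```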


