GRE not natted on FreeBSD 7.1-p2

Andrew awd at awdcomp.net
Sat Feb 7 03:50:07 PST 2009


Howdy,

If you (or others watching this list) ever need to go back to the pptp 
route then consider using net/frickin, which is a pptp proxy :)

I'm using it successfully with redirection.

# $int_if / $lnet are the internal interface and LAN net, defined elsewhere in pf.conf.
# PPTP control channel (TCP 1723) from the LAN is handed to frickin, which listens on 127.0.0.1:1724
rdr on $int_if proto tcp from $lnet to any port 1723 -> 127.0.0.1 port 1724
# the GRE data channel is redirected to the proxy as well
rdr on $int_if proto gre from $lnet to any -> 127.0.0.1

Cheers
cya
Andrew

Sebastiaan van Erk wrote:
> Greg Hennessy wrote:
>> Sebastiaan van Erk wrote:
>>>
>>>
>>> nat on $ext_if from { $int_net, $wifi_net } to any -> $ext_if
>>>
>> This is the nub of the problem, 'hide' NAT breaks GRE.
>>
>> To successfully do 'Many:1' NAT of GRE requires a rewrite of the GRE 
>> call id header to track each session in a manner analogous to 
>> rewriting the source port of a 'hide' natted tcp/udp session.
>>
>> The last time I looked, Daniel, Henning et al have not added that 
>> facility to PF as of yet.
>>
>> You can statically translate the flow instead which should sort the 
>> problem.
> 
>> Greg
> 
> Thanks for the reply,
> 
> I have a feeling that my "upstream" ADSL modem has a similar issue, 
> because what I did was use multiple "external" addresses on my pf 
> machine (192.168.1.2, 192.168.1.3, etc) and I was getting really strange 
> behavior (that is, when starting a PPTP session on 192.168.1.2 I'd get 
> GRE packets back on 192.168.1.3 from the ADSL modem, which presumably 
> still had an old NAT rule from a recent session via the .3 address).
> 
> In the end I took the plunge and kicked PPTP out of the equation (since 
> all the remote servers are managed by me anyway), and converted 
> everything to OpenVPN with bridging. All my problems have vaporized and 
> I've learned quite a bit in the process.
> 
> Regards,
> Sebastiaan
> 
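What Greg's "rewrite of the GRE call id header" amounts to, as an added worked example that is not code from this thread, from pf or from net/frickin. PPTP's data channel is enhanced GRE (RFC 2637): the key field carries a payload length and a call ID, and the call ID in a packet is the receiver's, so packets coming back from the server carry the client's call ID. Two clients behind one 'hide' address that happen to pick the same call ID are therefore indistinguishable to a NAT that only translates addresses. A many:1 NAT has to pick a unique external call ID per session (learned from, and rewritten in, the client's Outgoing-Call-Request on TCP 1723) and rewrite inbound GRE back to the client's original, exactly as port NAT does with TCP/UDP source ports. The class and function names, the addresses and call IDs, and the sample PPP payload are all constructed for this example.

```python
# Added example: enhanced GRE (RFC 2637) parsing and call-ID translation for
# many:1 NAT of PPTP. Not code from the thread, pf or frickin; names and
# sample values are constructed.
import struct

GRE_PROTO_PPP = 0x880B   # protocol type carried by PPTP's enhanced GRE
GRE_FLAG_K = 0x2000      # Key present (always set for enhanced GRE)
GRE_FLAG_S = 0x1000      # Sequence number present
GRE_FLAG_A = 0x0080      # Acknowledgment number present
GRE_VERSION = 1          # enhanced GRE is version 1


def parse_egre(pkt):
    """Parse an enhanced GRE header and return its fields as a dict."""
    if len(pkt) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", pkt[:8])
    if (flags & 0x7) != GRE_VERSION or proto != GRE_PROTO_PPP or not flags & GRE_FLAG_K:
        raise ValueError("not PPTP enhanced GRE")
    off, seq, ack = 8, None, None
    for flag, name in ((GRE_FLAG_S, "seq"), (GRE_FLAG_A, "ack")):
        if flags & flag:
            if len(pkt) < off + 4:
                raise ValueError("truncated %s field" % name)
            value = struct.unpack("!I", pkt[off:off + 4])[0]
            seq, ack = (value, ack) if name == "seq" else (seq, value)
            off += 4
    if len(pkt) - off != payload_len:
        raise ValueError("payload length mismatch")
    return {"call_id": call_id, "seq": seq, "ack": ack,
            "payload": pkt[off:], "hdr_len": off}


def build_egre(call_id, payload, seq=None, ack=None):
    """Build an enhanced GRE packet carrying a PPP frame."""
    flags, tail = GRE_FLAG_K | GRE_VERSION, b""
    if seq is not None:
        flags |= GRE_FLAG_S
        tail += struct.pack("!I", seq)
    if ack is not None:
        flags |= GRE_FLAG_A
        tail += struct.pack("!I", ack)
    return struct.pack("!HHHH", flags, GRE_PROTO_PPP, len(payload), call_id) + tail + payload


def rewrite_call_id(pkt, new_call_id):
    """Return pkt with its call ID (header bytes 6..7) replaced."""
    return pkt[:6] + struct.pack("!H", new_call_id) + pkt[8:]


class PptpNat:
    """Session table for many:1 NAT of PPTP clients behind one external IP.

    Inbound packets from the server carry the client's call ID, so that is
    the value which must be unique at the external address and the one that
    gets rewritten; it is learned from the client's Outgoing-Call-Request.
    """

    def __init__(self):
        self.inside = {}    # (client_ip, client_call_id) -> external call ID
        self.outside = {}   # external call ID -> (client_ip, client_call_id)

    def open_call(self, client_ip, client_call_id):
        """Register a call; returns the call ID to put in the forwarded request.

        The client's own ID is kept if free, otherwise the next unused one
        is chosen, like source-port selection in TCP/UDP NAT.
        """
        key = (client_ip, client_call_id)
        if key in self.inside:
            return self.inside[key]
        ext = client_call_id
        while ext in self.outside:
            ext = (ext + 1) & 0xFFFF
            if ext == client_call_id:
                raise RuntimeError("call ID space exhausted")
        self.inside[key] = ext
        self.outside[ext] = key
        return ext

    def close_call(self, client_ip, client_call_id):
        ext = self.inside.pop((client_ip, client_call_id), None)
        if ext is not None:
            del self.outside[ext]

    def inbound(self, pkt):
        """Translate GRE arriving from the server: (client_ip, packet) or None to drop."""
        key = self.outside.get(parse_egre(pkt)["call_id"])
        if key is None:
            return None
        client_ip, client_call_id = key
        return client_ip, rewrite_call_id(pkt, client_call_id)


def demo():
    """Two clients that both chose call ID 1 (constructed sample addresses)."""
    nat = PptpNat()
    a = nat.open_call("192.168.1.10", 1)
    b = nat.open_call("192.168.1.11", 1)          # collides; gets a fresh external ID
    reply_to_b = build_egre(b, b"\xff\x03\xc0\x21", seq=7)   # sample PPP/LCP bytes
    return a, b, nat.inbound(reply_to_b)
```

Without the `open_call` step (a plain address-only 'hide' rule) both sessions would arrive at the external address with call ID 1 and the second would clobber the first, which is the behaviour Sebastiaan describes seeing from his ADSL modem. A real implementation also has to rewrite the call ID in the control-channel messages on TCP 1723 and expire entries on Call-Clear-Request or when the control connection closes.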



More information about the freebsd-pf mailing list