VPN problem

Artyom Viklenko artem at aws-net.org.ua
Mon Sep 12 05:30:08 UTC 2011


> 2) What I am attempting that's not working (but used to work!)
>
> Establish a VPN from My home workstation TO My work GW

This is what I have in my home router's pf about GRE:

nat on $ext_if proto gre from $int_net to any -> ($ext_if)
pass in quick on $int_if inet proto gre from $int_if:network to any keep state
pass in quick on $ext_if inet proto gre from any to any no state
pass out quick on $ext_if inet proto gre all keep state queue def


Any single PPTP connection always works fine but - as noted before -
ONLY ONE.

Pay attention to the pass rule on the external interface - use 'no state'!
Without it the first gre packet from the VPN server will create a wrong
state and these packets will not reach the VPN client in the home LAN.

Anyway, consider migration to L2TP.

Hope this helps.


-- 
            Sincerely yours,
                             Artyom Viklenko.
-------------------------------------------------------
artem at aws-net.org.ua | http://www.aws-net.org.ua/~artem
artem at viklenko.net   | JID: artem at jabber.aws-net.org.ua
FreeBSD: The Power to Serve   -  http://www.freebsd.org

