pf and pptp
Scott Ullrich
sullrich at gmail.com
Mon Jan 16 08:14:10 PST 2006
On 1/16/06, Alexander Vyrlanovich <iskander at apple-park.kiev.ua> wrote:
> Last week I moved my firewall from ipfw to pf on a gateway (FreeBSD
> RELENG_6_0 i386).
> All work fine except nat'ed pptp connections. Only one PC client can
> establish
> pptp VPT at the same time. After some google search I found this
> article: http://www.benzedrine.cx/pf/msg04961.html.
>
> Can anybody confirm, that situation with nating GRE packets with PF
> still
> persist or there is something wrong with my firewall rules?
Yep, this is a known limitation. We've been looking around for a
PPTP proxy helper to no avail. Frickin PPTP seems about the closest
match but would require some modifications to make it work correctly.
We see the same problems with pfSense often.
Scott
More information about the freebsd-pf
mailing list