GRE Limitation

Chris Buechler cbuechler at gmail.com
Fri Jul 18 04:01:04 UTC 2008


On Thu, Jul 17, 2008 at 10:25 PM, Ansar Mohammed <ansarm at gmail.com> wrote:
> Hello All,
> I just read the following on the pfsense website:
>
> "PPTP and GRE Limitation - The state tracking code in pf for the GRE
> protocol can only track a single session per public IP per external server.
> This means if you use PPTP VPN connections, only one internal machine can
> connect simultaneously to a PPTP server on the Internet. A thousand machines
> can connect simultaneously to a thousand different PPTP servers, but only
> one simultaneously to a single server. The only available work around is to
> use multiple public IPs on your firewall, one per client, or to use multiple
> public IPs on the external PPTP server. This is not a problem with other
> types of VPN connections."
>
> Is this also true for stock FreeBSD with PF or just a pfsense issue?
>

That's true with every OS that runs pf, and anything based on any of
those (including pfSense).

Chris
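
The limitation quoted above, modelled as an added example that is not part of the original message and is not pf's own code. It assumes a state table that keys GRE flows on addresses only, since GRE carries no ports. The class name, method names and all addresses (RFC 1918 and RFC 5737 ranges) are constructed for illustration.

```python
# Simplified model of address-only GRE state tracking behind NAT.
# Assumption: a GRE state is keyed on (public IP, server IP) only, because
# GRE has no port numbers to tell two clients apart. Not pf source code.

class GreNatStateTable:
    def __init__(self, default_public_ip, per_client_public_ip=None):
        self.default_public_ip = default_public_ip
        # Optional workaround from the quoted text: one public IP per client.
        self.per_client_public_ip = per_client_public_ip or {}
        self.states = {}  # (public_ip, server_ip) -> internal client IP

    def public_ip_for(self, client_ip):
        return self.per_client_public_ip.get(client_ip, self.default_public_ip)

    def outbound_gre(self, client_ip, server_ip):
        """Track an outbound GRE flow; False if another client owns the key."""
        key = (self.public_ip_for(client_ip), server_ip)
        owner = self.states.setdefault(key, client_ip)
        return owner == client_ip

    def inbound_gre(self, server_ip, public_ip):
        """Internal client a returning GRE packet maps to, or None."""
        return self.states.get((public_ip, server_ip))


def demo():
    server_a, server_b = "198.51.100.5", "198.51.100.6"   # constructed
    c1, c2 = "192.168.1.10", "192.168.1.11"               # constructed

    # One public IP: the second client to the same server collides.
    single = GreNatStateTable("203.0.113.1")
    results = {
        "c1_to_a": single.outbound_gre(c1, server_a),
        "c2_to_a": single.outbound_gre(c2, server_a),
        "c2_to_b": single.outbound_gre(c2, server_b),  # different server: fine
        "return_from_a": single.inbound_gre(server_a, "203.0.113.1"),
    }

    # Workaround: give the second client its own public IP on the firewall.
    multi = GreNatStateTable("203.0.113.1", {c2: "203.0.113.2"})
    results["multi_c1_to_a"] = multi.outbound_gre(c1, server_a)
    results["multi_c2_to_a"] = multi.outbound_gre(c2, server_a)
    results["multi_return_c2"] = multi.inbound_gre(server_a, "203.0.113.2")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```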


More information about the freebsd-pf mailing list