Hi,

I changed the GRE rule to:

pass out quick proto gre

and it was still giving me the same errors after flushing the firewall:

pfctl -f /etc/pf.conf

Log:

3. 003875 rule 6/0(match): block out on vr0: 10.1.0.6 > 193.46.80.81: GREv1, call 55191, seq 7, proto PPP (0x880b), length 36: [|ppp]

But a few minutes later I started up the VPN (without having changed anything in the firewall), and now it suddenly did work.

I don't know where the delay comes from, I've never seen that before...

Regards,
Sebastiaan

Sebastiaan van Erk wrote:
Hi,

I've just upgraded my old old old FreeBSD 6.3 firewall box to FreeBSD 7.1-p2.

However, now my firewall will suddenly no longer NAT GRE, so none of the client connections to remote (PPTP) VPNs are working.

When trying to connect from the client (10.1.0.6) to the internet, everything works fine (tcp/udp are NATted), but when trying to set up a VPN my firewall log says:

3. 004630 rule 6/0(match): block out on vr0: 10.1.0.6 > 193.46.80.81: GREv1, call 55191, seq 10, proto PPP (0x880b), length 36: [|ppp]

(vr0 is my external interface, which is connected to the ADSL modem)

The rule that is blocking is:
@6 block drop out log quick on vr0 inet from ! 192.168.1.2 to any

(192.168.1.2 is my "external" address). This rule is supposed to block any internal stuff going out that is not NATted properly. It is correct to block my client (10.1.0.6), since it should have had its address translated.

My nat rule is simple (and DOES NAT tcp/udp):

nat on $ext_if from { $int_net, $wifi_net } to any -> $ext_if

The entire config is attached. Am I doing something stupid? Does anybody know what I'm doing wrong?

Thanks in advance,
Sebastiaan

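Added example, not part of the thread and not Sebastiaan's attached config: a minimal pf.conf fragment for a FreeBSD 7.x-era pf (OpenBSD 4.1 syntax, with separate nat and filter rules) that translates the internal networks, keeps the same catch-all block for un-NATted traffic, and explicitly passes PPTP's TCP control channel and the GRE carrier. Interface names, networks and the external address are assumptions chosen to match the values mentioned in the thread.

```pf
# Added example (not the poster's attached config): pf.conf fragment for
# pf as shipped with FreeBSD 7.x (OpenBSD 4.1 syntax). Interface and
# address values below are assumptions for illustration.
ext_if   = "vr0"
int_if   = "vr1"
int_net  = "10.1.0.0/24"
wifi_net = "10.2.0.0/24"
ext_addr = "192.168.1.2"      # the "external" address behind the ADSL modem

# Translation. nat rules are evaluated before the filter rules, and the
# translation applies to every IP protocol that matches, GRE included.
# ($ext_if) in parentheses follows the interface address if it changes.
nat on $ext_if from { $int_net, $wifi_net } to any -> ($ext_if)

# Catch anything leaving $ext_if that was not translated. Because nat has
# already run, a correctly translated packet carries $ext_addr here and
# falls through to the pass rules below.
block drop out log quick on $ext_if inet from ! $ext_addr to any

# PPTP from the inside: the TCP control channel on port 1723 plus GRE for
# the tunnelled PPP frames. GRE has no ports, so the state is keyed on
# protocol and addresses only. pf does not rewrite the GRE call ID, so
# only one inside client per remote PPTP server can be translated reliably.
pass in  quick on $int_if proto tcp from $int_net to any port 1723 keep state
pass in  quick on $int_if proto gre from $int_net to any keep state
pass out quick on $ext_if proto tcp from ($ext_if) to any port 1723 keep state
pass out quick on $ext_if proto gre from ($ext_if) to any keep state
```

To check what the firewall is actually doing with GRE: `pfctl -s nat` shows the translation rules as loaded, `pfctl -s state | grep gre` shows whether a GRE state with the translated source address exists while a tunnel is being set up, and `tcpdump -n -e -ttt -i pflog0 proto gre` shows which rule number logged a dropped GRE packet. Note that `pfctl -f /etc/pf.conf` reloads rules but leaves the state table alone; `pfctl -F state` flushes existing states, so a test after a rule change starts from a clean table.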