Howdy,
If you (or others watching this list) ever need to go back to the pptp
route then consider using net/frickin which is a pptp proxy :)
I'm using it successfully with redirection.
rdr on $int_if proto tcp from $lnet to any port 1723 -> 127.0.0.1 port 1724
rdr on $int_if proto gre from $lnet to any -> 127.0.0.1
Cheers
cya
Andrew
Sebastiaan van Erk wrote:
Greg Hennessy wrote:
Sebastiaan van Erk wrote:
nat on $ext_if from { $int_net, $wifi_net } to any -> $ext_if
This is the nub of the problem, 'hide' NAT breaks GRE.
To successfully do 'Many:1' NAT of GRE requires a rewrite of the GRE
call id header to track each session in a manner analogous to
rewriting the source port of a 'hide' natted tcp/udp session.
The last time I looked, Daniel, Henning et al have not added that
facility to PF as of yet.
You can statically translate the flow instead which should sort the
problem.
Greg
Thanks for the reply,
I have a feeling that my "upstream" ADSL modem has a similar issue,
because what I did was use multiple "external" addresses on my pf
machine (192.168.1.2, 192.168.1.3, etc) and I was getting really strange
behavior (that is, when starting a PPTP session on 192.168.1.2 I'd get
GRE packets back on 192.168.1.3 from the ADSL modem, which presumably
still had an old NAT rule from a recent session via the .3 address).
In the end I took the plunge and kicked PPTP out of the equation (since
all the remote servers are managed by me anyway), and converted
everything to OpenVPN with bridging. All my problems have vaporized and
I've learned quite a bit in the process.
Regards,
Sebastiaan
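Added example (not part of the original thread, and not PF code): a sketch of the call ID tracking Greg describes for many:1 NAT of GRE, using the PPTP enhanced GRE header layout from RFC 2637. The function and class names and the sample packets are assumptions made for illustration.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # enhanced GRE carrying PPP (RFC 2637)

def build_pptp_gre(call_id, payload=b""):
    """Constructed sample packet: K and S bits set, version 1, sequence 0."""
    return struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO,
                       len(payload), call_id, 0) + payload

def parse_pptp_gre(pkt):
    """Return (payload_len, call_id) from an enhanced GRE header."""
    if len(pkt) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, plen, call_id = struct.unpack("!HHHH", pkt[:8])
    if proto != PPTP_GRE_PROTO or (flags & 0x0007) != 1 or not (flags & 0x2000):
        raise ValueError("not a PPTP enhanced GRE packet")
    return plen, call_id

class CallIdNat:
    """Many:1 NAT state keyed on call ID, as source ports are for TCP/UDP."""

    def __init__(self):
        self.out = {}   # (client_ip, server_ip, client_call_id) -> external id
        self.back = {}  # (server_ip, external id) -> (client_ip, client_call_id)

    def outbound_call(self, client_ip, server_ip, call_id):
        """Call ID a client announced on the TCP 1723 control channel;
        returns the ID the NAT must write into that message instead."""
        key = (client_ip, server_ip, call_id)
        if key not in self.out:
            ext = call_id
            for _ in range(0x10000):
                if (server_ip, ext) not in self.back:
                    break
                ext = ext % 0xFFFF + 1  # taken by another client, try next
            else:
                raise RuntimeError("no free call ID for this server")
            self.out[key] = ext
            self.back[(server_ip, ext)] = (client_ip, call_id)
        return self.out[key]

    def inbound_gre(self, server_ip, pkt):
        """GRE arriving at the shared external address: return
        (client_ip, packet with the client's own call ID) or None to drop."""
        _, ext = parse_pptp_gre(pkt)
        hit = self.back.get((server_ip, ext))
        if hit is None:
            return None
        client_ip, call_id = hit
        return client_ip, pkt[:6] + struct.pack("!H", call_id) + pkt[8:]
```

Without the rewrite in outbound_call, two internal clients that pick the same call ID toward one server are indistinguishable on the return path, since GRE has no port field to demultiplex on.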