1723 is PPTP. This uses GRE (generic routing encapsulation). You must allow this protocol.
And, as far as I know, OpenBSD cannot NAT this protocol (it is possible to NAT GRE for PPTP if you peek into the next higher level protocol (PPP in this case?) but this is not implemented).

So I did an RDR for GRE to the only Windows PC in my local network that needs PPTP.

Something like

    rdr pass on $ext_if proto gre from any -> (address of Windows PC)

And further below in pf.conf allow GRE for your internal and external interface.

regards
christoph

> -----Original Message-----
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org]
> On Behalf Of Marcos Laufer
> Sent: Friday, 27 November 2009 16:06
> To: stan; misc@openbsd.org
> Subject: Re: How to determine what ports are being used?
>
>
> You could fire up the VPN, connect to it from the outside,
> and then use the netstat command to see which ports are
> being used, knowing the origin and destination IPs.
>
> Regards,
> Marcos Laufer
>
>
> stan wrote:
> > I have a home network that uses an OpenBSD machine as its firewall. I
> > now have a company laptop (Windows), and it has some sort of
> > "Microsoft VPN". If I remove my "block all" rule I can get this VPN
> > up. The corporate "support" folks say that it uses port 1723, but
> > putting that in pf.conf and restarting (with the block all rule) still
> > does not allow it to work.
> >
> > If I turn off the block all rule, and fire up the VPN, how can I
> > determine what ports it is using, so that I can create the correct
> > pf.conf rules?
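
The setup described in the reply above, as an added pf.conf sketch that is not part of the original thread: it keeps the "block all" default, shows why a TCP 1723 rule alone fails, and adds the GRE rules in the same `rdr ... ->` syntax the message uses. Interface names, the LAN address and the VPN server address are constructed placeholders, and narrowing the GRE rules to the VPN server's address is an assumption added here.

```pf
# Added example. Interface names and addresses are constructed placeholders.
ext_if  = "fxp0"            # Internet-facing interface (assumed name)
int_if  = "fxp1"            # LAN-facing interface (assumed name)
vpn_pc  = "192.168.1.50"    # the one LAN host that runs the PPTP client
vpn_srv = "203.0.113.10"    # corporate PPTP server (documentation address)

# --- translation ---
nat on $ext_if from $int_if:network to any -> ($ext_if)
# GRE has no ports, so inbound tunnel packets are sent to a single fixed host.
# Limiting the source to the VPN server keeps other GRE traffic off that host.
rdr on $ext_if proto gre from $vpn_srv to ($ext_if) -> $vpn_pc

# --- filtering ---
block all

# PPTP control channel. On its own this is the setup that fails:
# the control connection is allowed, but the tunnel itself (GRE) is still blocked.
pass in  on $int_if proto tcp from $vpn_pc to $vpn_srv port 1723 keep state
pass out on $ext_if proto tcp from any     to $vpn_srv port 1723 keep state

# PPTP data channel: GRE is IP protocol 47, not a TCP or UDP port.
pass in  on $int_if proto gre from $vpn_pc  to $vpn_srv keep state
pass out on $ext_if proto gre from any      to $vpn_srv keep state
pass in  on $ext_if proto gre from $vpn_srv to $vpn_pc  keep state
pass out on $int_if proto gre from $vpn_srv to $vpn_pc  keep state
```

Parsing the file with `pfctl -nf /etc/pf.conf` checks the syntax without loading the rules.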