pfSense 2.0.1

I just had some trouble getting inbound PPTP sessions to work. Configured it, created a user, created a rule allowing PPTP traffic to the destination LAN, and couldn't connect from the outside because the server would not respond and the connection would time out.

I checked the rules before we did anything else and saw these (pfctl -s rules | grep -i pptp):

    pass in on vr3 inet proto tcp from any to 75.90.212.90 port = pptp flags S/SA modulate state label "allow pptp 75.90.212.90"
    pass in on vr3 proto gre all keep state label "allow gre pptpd"

Looks like it should work to me, but still nothing and nothing being logged anywhere that I can find.

We added this rule in the GUI:

    TCP * * WAN address 1723 (PPTP) * none

Resulting in this ruleset:

    pass in on vr3 inet proto tcp from any to 75.90.212.90 port = pptp flags S/SA modulate state label "allow pptpd 75.90.212.90"
    pass in on vr3 proto gre all keep state label "allow gre pptpd"
    pass in log quick on vr3 reply-to (vr3 75.90.212.89) inet proto tcp from any to 75.90.212.90 port = pptp flags S/SA keep state label "USER_RULE"

And now it works. It's my understanding that we shouldn't have to tweak the ruleset to allow PPTP setup traffic inbound.

This installation is a tad bit peculiar. The ISP provides a /29. The DSL modem is supposed to be bridged (but is a closed black box) that responds at 75.90.212.89 on the Ethernet side. The pfSense WAN port is 75.90.212.90/29 with a gateway of 75.90.212.89. There are a couple other devices on the public side /29 but I deem them irrelevant to this problem.

Thoughts?

Thanks.
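
To see exactly what the GUI rule carries that the automatically generated TCP 1723 rule does not, the two rule lines from the post can be compared option by option. This is an added example, not part of the original post; the parser is an assumption that covers only the pf rule syntax appearing in the output above.

```python
import re

# Rule lines copied from the pfctl output quoted in the post.
AUTO_RULE = ('pass in on vr3 inet proto tcp from any to 75.90.212.90 '
             'port = pptp flags S/SA modulate state '
             'label "allow pptpd 75.90.212.90"')
USER_RULE = ('pass in log quick on vr3 reply-to (vr3 75.90.212.89) inet '
             'proto tcp from any to 75.90.212.90 port = pptp flags S/SA '
             'keep state label "USER_RULE"')

# Assumption: handles only the subset of pf rule syntax seen in the post.
PATTERNS = {
    "action":    r"^(pass|block)\b",
    "direction": r"^\w+ (in|out)\b",
    "log":       r"\b(log)\b",
    "quick":     r"\b(quick)\b",
    "interface": r"\bon (\S+)",
    "reply-to":  r"\breply-to \(([^)]*)\)",
    "af":        r"\b(inet6?)\b",
    "proto":     r"\bproto (\S+)",
    "from":      r"\bfrom (\S+)",
    "to":        r"\bfrom \S+ to (\S+)",   # anchored on "from" so "reply-to" is not matched
    "port":      r"\bport = (\S+)",
    "flags":     r"\bflags (\S+)",
    "state":     r"\b(keep|modulate|synproxy) state\b",
}

def parse_rule(line):
    """Return a dict of the options present in one pfctl rule line."""
    label = re.search(r'label "([^"]*)"', line)
    body = line[:label.start()] if label else line  # keep label text out of matching
    fields = {}
    for name, pattern in PATTERNS.items():
        match = re.search(pattern, body)
        if match:
            fields[name] = match.group(1)
    if label:
        fields["label"] = label.group(1)
    return fields

def diff_rules(a, b):
    """Map each differing option to its (a, b) values; None means absent."""
    fa, fb = parse_rule(a), parse_rule(b)
    return {k: (fa.get(k), fb.get(k)) for k in PATTERNS if fa.get(k) != fb.get(k)}

if __name__ == "__main__":
    for option, (auto, user) in diff_rules(AUTO_RULE, USER_RULE).items():
        print(f"{option:9} auto={auto!r:12} user={user!r}")
```

Labels are left out of the comparison; the output lists only the options on which the two rules differ, without saying which of them accounts for the change in behaviour.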