This is an open ticket 812:
http://cvstrac.pfsense.com/tktview?tn=812,6
Ticket 812: pptp isn't natted correctly outbound if pptp is enabled
pptp client---->natting pfsense----->pptp server
connection get's somehow broken and responses from the pptp server
are intercepted not reaching the client. disabling pptp server at
the natting pfsense fixes the connectionproblem (temporarily
workaround).
[Add remarks <http://cvstrac.pfsense.com/tktappend?tn=812,6>]
Remarks:
and open tickets:
http://cvstrac.pfsense.com/rptview?rn=6
/F
Lawrence Farr wrote:
-----Original Message-----
From: Brian [mailto:[EMAIL PROTECTED]
Sent: 09 March 2006 15:45
To: [email protected]
Subject: Re: [pfSense Support] Creating a PPTP connection
from behind pfsense
I have had this exact same issue for some time and have never
been able
to find the solution. My situation is the same.
Office pfSense with PPTP enabled. Home pfSense without PPTP
and I can
connect from home to work without any issues. Once I enable PPTP @
home, I can no longer get from home to work using PPTP. Turning off
PPTP @ home then allows me to connect from home to work again.
Holger has tried this in his lab I believe and was not able
to re-create
it and I think maybe he did it outside of the lab too without
being able
to create the problem and thus it was closed. While I am
sorry to see
you have the same issue, it is encouraging to know I am not crazy :-)
I am sorry I have no real info on a fix, I can only confirm
this behavior.
Edward van Berkum wrote:
I have the following problem and can't figure out why it's
going wrong,
I have the latest 1.0Beta2 running.
I have setup a box, with pfsense, and everything works fine
so I connect
to my office pptp server to check my e-mail, till now no problem.
Sinse I now and then want to check my computer at home, I
have enabled
the pptp server within pfsense, after that I checked if it
worked from
my internal lan, and it did.
So I wanted to enable and make it available for my office so I can
connect to my home.
So I created a nat rule from 1723 to 1723 on the ip adres
of pfsense,
and let it create a filter rule.
Now my problem ocurs, I can't create a PPTP connection to
my office lan
anymore, it keeps hanging on verifying username and password.
After I remove the nat and filter rules, disable the pptp
server, reboot
pfsense then I am able to make to connection again.
On monowall this worked veryfine, but sinse pfsense has more
configuration options and a shell to customize several
things like the
timeout in PPTP..... and off-course many other features I
wanted to use
that.
Does anyone no a solution to this problem?
Here are my nat and filter rules from the config
NAT
- <rule>
<protocol>tcp</protocol>
<external-port>1723</external-port>
<target>192.168.10.1</target>
<local-port>1723</local-port>
<interface>wan</interface>
<descr>pptp</descr>
</rule>
Filter
<rule>
<interface>wan</interface>
<protocol>tcp</protocol>
- <source>
<any />
</source>
- <destination>
<address>192.168.10.1</address>
<port>1723</port>
</destination>
<descr>NAT pptp</descr>
</rule>
Regards Edward van Berkum
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
I have two sites, one like this
me -> PFSense NAT with external IP -> outside world
That works with no issue
me -> PFSense NAT with internal IP -> DSL Router with NAT -> outside world
doesn't, and fails on the password. Plugging directly
into the DSL works as expected. Both PFSense boxes have
an allow GRE and port 1723 rule.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
