The other site I'm connecting to is a Debian machine running pptpd in a colo.
 
Maybe there is a possibility to track changes between monowall 1.21 and pfsense 1.0beta2 and handling nat and filter rules for pptp?
On monowall 1.21 with the same config there is no problem?
 
And the problem does not occur when enabling the pptp server in pfsense, it really happens when creating the nat and filter rules, I have just tested that. (Can someone else also confirm that?)
 
Edward
 

 

From: Holger Bauer [mailto:[EMAIL PROTECTED]
To: [email protected]
Sent: Thu, 09 Mar 2006 17:38:44 +0100
Subject: RE: [pfSense Support] Creating a PPTP connection from behind pfsense

The really strange thing about that phenomenon is that W2K clients from behind pfSense can ALWAYS connect through a PPTP enabled pfSense to any remote PPTP location.
An XP client can connect fine to a m0n0 1.11 PPTP Server through a PPTP enabled pfSense but refuses to connect to another remote pfSense PPTP Server.
There are other things to this problem that don't make sense at all (and it really doesn't show up in my testlab or at everybody's connection though I have two real life locations now showing the same behavior).
If anybody has a clue or a hint we would appreciate any help on this as this is an odd, still persisting problem.

Holger

> -----Original Message-----
> From: Fractalyzor [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 09, 2006 5:16 PM
> To: [email protected]
> Subject: Re: [pfSense Support] Creating a PPTP connection from behind
> pfsense
>
>
> This is an open ticket 812:
> http://cvstrac.pfsense.com/tktview?tn=812,6
>
>
> Ticket 812: pptp isn't natted correctly outbound if pptp
> is enabled
>
> pptp client---->natting pfsense----->pptp server
>
> connection gets somehow broken and responses from the pptp server
> are intercepted not reaching the client. disabling pptp server at
> the natting pfsense fixes the connection problem (temporary
> workaround).
>
> and open tickets:
> http://cvstrac.pfsense.com/rptview?rn=6
>
> /F
>
> Lawrence Farr wrote:
> >> -----Original Message-----
> >> From: Brian [mailto:[EMAIL PROTECTED]]
> >> Sent: 09 March 2006 15:45
> >> To: [email protected]
> >> Subject: Re: [pfSense Support] Creating a PPTP connection
> >> from behind pfsense
> >>
> >> I have had this exact same issue for some time and have never been able
> >> to find the solution. My situation is the same.
> >>
> >> Office pfSense with PPTP enabled. Home pfSense without PPTP and I can
> >> connect from home to work without any issues. Once I enable PPTP @
> >> home, I can no longer get from home to work using PPTP. Turning off
> >> PPTP @ home then allows me to connect from home to work again.
> >>
> >> Holger has tried this in his lab I believe and was not able to re-create
> >> it and I think maybe he did it outside of the lab too without being able
> >> to create the problem and thus it was closed. While I am sorry to see
> >> you have the same issue, it is encouraging to know I am not crazy :-)
> >>
> >> I am sorry I have no real info on a fix, I can only confirm this behavior.
> >>
> >> Edward van Berkum wrote:
> >>
> >>> I have the following problem and can't figure out why it's going wrong,
> >>> I have the latest 1.0Beta2 running.
> >>>
> >>> I have set up a box, with pfsense, and everything works fine so I connect
> >>> to my office pptp server to check my e-mail, till now no problem.
> >>> Since I now and then want to check my computer at home, I have enabled
> >>> the pptp server within pfsense, after that I checked if it worked from
> >>> my internal lan, and it did.
> >>> So I wanted to enable and make it available for my office so I can
> >>> connect to my home.
> >>> So I created a nat rule from 1723 to 1723 on the ip address of pfsense,
> >>> and let it create a filter rule.
> >>> Now my problem occurs, I can't create a PPTP connection to my office lan
> >>> anymore, it keeps hanging on verifying username and password.
> >>> After I remove the nat and filter rules, disable the pptp server, reboot
> >>> pfsense then I am able to make the connection again.
> >>>
> >>> On monowall this worked very fine, but since pfsense has more
> >>> configuration options and a shell to customize several things like the
> >>> timeout in PPTP..... and of course many other features I wanted to use
> >>> that.
> >>>
> >>> Does anyone know a solution to this problem?
> >>>
> >>> Here are my nat and filter rules from the config
> >>> NAT
> >>> <rule>
> >>>   <protocol>tcp</protocol>
> >>>   <external-port>1723</external-port>
> >>>   <target>192.168.10.1</target>
> >>>   <local-port>1723</local-port>
> >>>   <interface>wan</interface>
> >>>   <descr>pptp</descr>
> >>> </rule>
> >>> Filter
> >>> <rule>
> >>>   <interface>wan</interface>
> >>>   <protocol>tcp</protocol>
> >>>   <source>
> >>>     <any />
> >>>   </source>
> >>>   <destination>
> >>>     <address>192.168.10.1</address>
> >>>     <port>1723</port>
> >>>   </destination>
> >>>   <descr>NAT pptp</descr>
> >>> </rule>
> >>>
> >>> Regards Edward van Berkum
> >>>
> >>
> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >
> > I have two sites, one like this
> >
> > me -> PFSense NAT with external IP -> outside world
> >
> > That works with no issue
> >
> > me -> PFSense NAT with internal IP -> DSL Router with NAT -> outside world
> >
> > doesn't, and fails on the password. Plugging directly
> > into the DSL works as expected. Both PFSense boxes have
> > an allow GRE and port 1723 rule.
> >
