We have identical code except for the IPF -> PF translations. We have spent a LOT of time on it to no avail.
On 3/9/06, Edward van Berkum <[EMAIL PROTECTED]> wrote: > > The other site I'm connecting to is a debian machine running pptpd in a colo > . > > Maybe there is a posibility to track changes between monowall 1.21 and > pfsense 1.0beta2 and handling nat and filter rules for pptp? > On monowall 1.21 with the same config there is no problem? > > And the problem does not occur when enabling the pptp server in pfsense, it > realy hapens when creating the nat and filter rules, I have just tested > that. (can someone else also confirm that?) > > Edward > > > > ________________________________ > From: Holger Bauer [mailto:[EMAIL PROTECTED] > To: [email protected] > Sent: Thu, 09 Mar 2006 17:38:44 +0100 > Subject: RE: [pfSense Support] Creating a PPTP connection from behind > pfsense > > > The really strange thing about that phenomenon is that W2K clients from > behind pfSense can ALWAYS connect through a PPTP enabled pfSense to any > remote PPTP location. > An XP client can connect fine to a m0n0 1.11 PPTP Server through an PPTP > enabled pfSense but refuses to connect to another remote pfSense PPTP > Server. > There are other things to this problem that don't make sense at all (and it > really doesn't show up in my testlab or at everybodies connection though I > have two real life locations now showing the same behavior). > If anybody has a clue or a hint we would appreciate any help on this as this > is an odd still persisting problem. > > Holger > > > -----Original Message----- > > From: Fractalyzor [mailto:[EMAIL PROTECTED] > > Sent: Thursday, March 09, 2006 5:16 PM > > To: [email protected] > > Subject: Re: [pfSense Support] Creating a PPTP connection from behind > > pfsense > > > > > > This is an open ticket 812: > > http://cvstrac.pfsense.com/tktview?tn=812,6 > > > > > > Ticket 812: pptp isn't natted correctly outbound if pptp > > is enabled > > > > pptp client---->natting pfsense----->pptp server > > > > connection get's somehow broken and responses from the pptp server > > are intercepted not reaching the client. disabling pptp server at > > the natting pfsense fixes the connectionproblem (temporarily > > workaround). > > > > [Add remarks > <http://cvstrac.pfsense.com/tktappend?tn=812,6>] > > > > > > Remarks: > > > > and open tickets: > > http://cvstrac.pfsense.com/rptview?rn=6 > > > > /F > > > > Lawrence Farr wrote: > > >> -----Original Message----- > > >> From: Brian [mailto:[EMAIL PROTECTED] > > >> Sent: 09 March 2006 15:45 > > >> To: [email protected] > > >> Subject: Re: [pfSense Support] Creating a PPTP connection > > >> from behind pfsense > > >> > > >> I have had this exact same issue for some time and have never > > >> been able > > >> to find the solution. My situation is the same. > > >> > > >> Office pfSense with PPTP enabled. Home pfSense without PPTP > > >> and I can > > >> connect from home to work without any issues. Once I > > enable PPTP @ > > >> home, I can no longer get from home to work using PPTP. > > Turning off > > >> PPTP @ home then allows me to connect from home to work again. > > >> > > >> Holger has tried this in his lab I believe and was not able > > >> to re-create > > >> it and I think maybe he did it outside of the lab too without > > >> being able > > >> to create the problem and thus it was closed. While I am > > >> sorry to see > > >> you have the same issue, it is encouraging to know I am > > not crazy :-) > > >> > > >> I am sorry I have no real info on a fix, I can only confirm > > >> this behavior. > > >> > > >> Edward van Berkum wrote: > > >> > > >>> I have the following problem and can't figure out why it's > > >>> > > >> going wrong, > > >> > > >>> I have the latest 1.0Beta2 running. > > >>> > > >>> I have setup a box, with pfsense, and everything works fine > > >>> > > >> so I connect > > >> > > >>> to my office pptp server to check my e-mail, till now no problem. > > >>> Sinse I now and then want to check my computer at home, I > > >>> > > >> have enabled > > >> > > >>> the pptp server within pfsense, after that I checked if it > > >>> > > >> worked from > > >> > > >>> my internal lan, and it did. > > >>> So I wanted to enable and make it available for my office > > so I can > > >>> connect to my home. > > >>> So I created a nat rule from 1723 to 1723 on the ip adres > > >>> > > >> of pfsense, > > >> > > >>> and let it create a filter rule. > > >>> Now my problem ocurs, I can't create a PPTP connection to > > >>> > > >> my office lan > > >> > > >>> anymore, it keeps hanging on verifying username and password. > > >>> After I remove the nat and filter rules, disable the pptp > > >>> > > >> server, reboot > > >> > > >>> pfsense then I am able to make to connection again. > > >>> > > >>> On monowall this worked veryfine, but sinse pfsense has more > > >>> configuration options and a shell to customize several > > >>> > > >> things like the > > >> > > >>> timeout in PPTP..... and off-course many other features I > > >>> > > >> wanted to use > > >> > > >>> that. > > >>> > > >>> Does anyone no a solution to this problem? > > >>> > > >>> Here are my nat and filter rules from the config > > >>> NAT > > >>> - <rule> > > >>> <protocol>tcp</protocol> > > >>> <external-port>1723</external-port> > > >>> <target>192.168.10.1</target> > > >>> <local-port>1723</local-port> > > >>> <interface>wan</interface> > > >>> <descr>pptp</descr> > > >>> </rule> > > >>> Filter > > >>> <rule> > > >>> <interface>wan</interface> > > >>> <protocol>tcp</protocol> > > >>> - <source> > > >>> <any /> > > >>> </source> > > >>> - <destination> > > >>> <address>192.168.10.1</address> > > >>> <port>1723</port> > > >>> </destination> > > >>> <descr>NAT pptp</descr> > > >>> </rule> > > >>> > > >>> Regards Edward van Berkum > > >>> > > >> > > > --------------------------------------------------------------------- > > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > > >> For additional commands, e-mail: [EMAIL PROTECTED] > > >> > > >> > > > > > > I have two sites, one like this > > > > > > me -> PFSense NAT with external IP -> outside world > > > > > > That works with no issue > > > > > > me -> PFSense NAT with internal IP -> DSL Router with NAT > > -> outside world > > > > > > doesn't, and fails on the password. Plugging directly > > > into the DSL works as expected. Both PFSense boxes have > > > an allow GRE and port 1723 rule. > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > ____________ > Virus checked by G DATA AntiVirusKit > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
