The problem is PF related. How or why, we do not know yet. That is really the only thing that is different.
On 3/9/06, Edward van Berkum <[EMAIL PROTECTED]> wrote: > > I understand, and I cannot say anything about that, you and the compete team > have all my respect. > > I am trying to figure out how to solve the problem. > The problem is also there when passing the pptp to another server and > creating nat and filter rules. > I also have a 2k3 server running with routing and remote access, when I > enable forward to other server, and create nat and filter rules, I cannot > connect to the external server. > I also noticed, when no rules are enabled which makes it possible to create > an outgoing connection to my office and then create the rules to forward it > to an other server or enabling the pfsense pptp server, create nat and > filter rules and apply it, the connection is not dropped so I can take over > my office workstation, when I now create a connection from my office to my > home pfsense it also keeps hanging on verifying username and password. > > I hope this is some more information for you guys to debug this. > > Kind regards Edward > ________________________________ > From: Scott Ullrich [mailto:[EMAIL PROTECTED] > To: [email protected] > Sent: Thu, 09 Mar 2006 18:29:02 +0100 > > Subject: Re: [pfSense Support] Creating a PPTP connection from behind > pfsense > > We have identical code except for the IPF -> PF translations. > > We have spent a LOT of time on it to no avail. > > On 3/9/06, Edward van Berkum <[EMAIL PROTECTED]> wrote: > > > > The other site I'm connecting to is a debian machine running pptpd in a > colo > > . > > > > Maybe there is a posibility to track changes between monowall 1.21 and > > pfsense 1.0beta2 and handling nat and filter rules for pptp? > > On monowall 1.21 with the same config there is no problem? > > > > And the problem does not occur when enabling the pptp server in pfsense, > it > > realy hapens when creating the nat and filter rules, I have just tested > > that. (can someone else also confirm that?) > > > > Edward > > > > > > > > ________________________________ > > From: Holger Bauer [mailto:[EMAIL PROTECTED] > > To: [email protected] > > Sent: Thu, 09 Mar 2006 17:38:44 +0100 > > Subject: RE: [pfSense Support] Creating a PPTP connection from behind > > pfsense > > > > > > The really strange thing about that phenomenon is that W2K clients from > > behind pfSense can ALWAYS connect through a PPTP enabled pfSense to any > > remote PPTP location. > > An XP client can connect fine to a m0n0 1.11 PPTP Server through an PPTP > > enabled pfSense but refuses to connect to another remote pfSense PPTP > > Server. > > There are other things to this problem that don't make sense at all (and > it > > really doesn't show up in my testlab or at everybodies connection though I > > have two real life locations now showing the same behavior). > > If anybody has a clue or a hint we would appreciate any help on this as > this > > is an odd still persisting problem. > > > > Holger > > > > > -----Original Message----- > > > From: Fractalyzor [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, March 09, 2006 5:16 PM > > > To: [email protected] > > > Subject: Re: [pfSense Support] Creating a PPTP connection from behind > > > pfsense > > > > > > > > > This is an open ticket 812: > > > http://cvstrac.pfsense.com/tktview?tn=812,6 > > > > > > > > > Ticket 812: pptp isn't natted correctly outbound if pptp > > > is enabled > > > > > > pptp client---->natting pfsense----->pptp server > > > > > > connection get's somehow broken and responses from the pptp server > > > are intercepted not reaching the client. disabling pptp server at > > > the natting pfsense fixes the connectionproblem (temporarily > > > workaround). > > > > > > [Add remarks > > <http://cvstrac.pfsense.com/tktappend?tn=812,6>] > > > > > > > > > Remarks: > > > > > > and open tickets: > > > http://cvstrac.pfsense.com/rptview?rn=6 > > > > > > /F > > > > > > Lawrence Farr wrote: > > > >> -----Original Message----- > > > >> From: Brian [mailto:[EMAIL PROTECTED] > > > >> Sent: 09 March 2006 15:45 > > > >> To: [email protected] > > > >> Subject: Re: [pfSense Support] Creating a PPTP connection > > > >> from behind pfsense > > > >> > > > >> I have had this exact same issue for some time and have never > > > >> been able > > > >> to find the solution. My situation is the same. > > > >> > > > >> Office pfSense with PPTP enabled. Home pfSense without PPTP > > > >> and I can > > > >> connect from home to work without any issues. Once I > > > enable PPTP @ > > > >> home, I can no longer get from home to work using PPTP. > > > Turning off > > > >> PPTP @ home then allows me to connect from home to work again. > > > >> > > > >> Holger has tried this in his lab I believe and was not able > > > >> to re-create > > > >> it and I think maybe he did it outside of the lab too without > > > >> being able > > > >> to create the problem and thus it was closed. While I am > > > >> sorry to see > > > >> you have the same issue, it is encouraging to know I am > > > not crazy :-) > > > >> > > > >> I am sorry I have no real info on a fix, I can only confirm > > > >> this behavior. > > > >> > > > >> Edward van Berkum wrote: > > > >> > > > >>> I have the following problem and can't figure out why it's > > > >>> > > > >> going wrong, > > > >> > > > >>> I have the latest 1.0Beta2 running. > > > >>> > > > >>> I have setup a box, with pfsense, and everything works fine > > > >>> > > > >> so I connect > > > >> > > > >>> to my office pptp server to check my e-mail, till now no problem. > > > >>> Sinse I now and then want to check my computer at home, I > > > >>> > > > >> have enabled > > > >> > > > >>> the pptp server within pfsense, after that I checked if it > > > >>> > > > >> worked from > > > >> > > > >>> my internal lan, and it did. > > > >>> So I wanted to enable and make it available for my office > > > so I can > > > >>> connect to my home. > > > >>> So I created a nat rule from 1723 to 1723 on the ip adres > > > >>> > > > >> of pfsense, > > > >> > > > >>> and let it create a filter rule. > > > >>> Now my problem ocurs, I can't create a PPTP connection to > > > >>> > > > >> my office lan > > > >> > > > >>> anymore, it keeps hanging on verifying username and password. > > > >>> After I remove the nat and filter rules, disable the pptp > > > >>> > > > >> server, reboot > > > >> > > > >>> pfsense then I am able to make to connection again. > > > >>> > > > >>> On monowall this worked veryfine, but sinse pfsense has more > > > >>> configuration options and a shell to customize several > > > >>> > > > >> things like the > > > >> > > > >>> timeout in PPTP..... and off-course many other features I > > > >>> > > > >> wanted to use > > > >> > > > >>> that. > > > >>> > > > >>> Does anyone no a solution to this problem? > > > >>> > > > >>> Here are my nat and filter rules from the config > > > >>> NAT > > > >>> - <rule> > > > >>> <protocol>tcp</protocol> > > > >>> <external-port>1723</external-port> > > > >>> <target>192.168.10.1</target> > > > >>> <local-port>1723</local-port> > > > >>> <interface>wan</interface> > > > >>> <descr>pptp</descr> > > > >>> </rule> > > > >>> Filter > > > >>> <rule> > > > >>> <interface>wan</interface> > > > >>> <protocol>tcp</protocol> > > > >>> - <source> > > > >>> <any /> > > > >>> </source> > > > >>> - <destination> > > > >>> <address>192.168.10.1</address> > > > >>> <port>1723</port> > > > >>> </destination> > > > >>> <descr>NAT pptp</descr> > > > >>> </rule> > > > >>> > > > >>> Regards Edward van Berkum > > > >>> > > > >> > > > > > > --------------------------------------------------------------------- > > > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > > > >> For additional commands, e-mail: [EMAIL PROTECTED] > > > >> > > > >> > > > > > > > > I have two sites, one like this > > > > > > > > me -> PFSense NAT with external IP -> outside world > > > > > > > > That works with no issue > > > > > > > > me -> PFSense NAT with internal IP -> DSL Router with NAT > > > -> outside world > > > > > > > > doesn't, and fails on the password. Plugging directly > > > > into the DSL works as expected. Both PFSense boxes have > > > > an allow GRE and port 1723 rule. > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > ____________ > > Virus checked by G DATA AntiVirusKit > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
