> It has nothing to do with pptp from LAN. It only is a limitation
> for accessing the SAME pptp server at the same time by different
> clients natted through the same pfsense. You can access as many
> different pptp servers from different clients natted through a
> pfsense. I somehow have a feeling there is some confusion about
> what frickin can solve and what the original problem is...
>
> Holger

This was my understanding too.

PPTP listens on port 1723 and requires GRE, so for inbound connections to an internal server both of these require 1:1 NAT.
PPTP has no problem with outbound NAT to different servers.

That said:-
I have seen hints that the 1:1 NAT for GRE to get an internal server to work may break outbound PPTP (is this true? The note below leads me to think it might be, depending on pf's awareness of Call-ID).
With multiple external IP addresses, would it not be possible to run multiple internal PPTP servers?

Before pf I used Linux iptables and it had no problem with multiple inbound connections to an internal server (with 1:1 NAT of GRE and port 1723).
Now we have dumped our old NT4 server, I use pf for the traffic shaping/firewall and run the pptp on the firewall.

Note: from the frickin docs

PPTP uses two connections when creating a secure connection. It needs one tcp connection called Control Connection and one gre, generic routing encapsulation, connection for the actual tunneled data. Unfortunately the gre protocol has no knowledge of ports, instead each gre packet is tagged with a Call-ID. The Call-ID is used at the endpoints to multiplex multiple connections, as most firewalls do not understand the PPTP protocol they cannot make use of the Call-ID which restricts you to one tunnel thru a NAT'ed firewall.

PS I like pf: the rules are more readable than iptables or ipchains and the shaping seems better integrated.

Robert

> -----Original Message-----
> From: Fuchs, Martin [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 08, 2006 3:03 PM
> To: [email protected]
> Subject: AW: [pfSense Support] filter rules for frickin pptp
>
>
> hmmm, sad sad... pptp from lan sometimes is a nice thing to
> have... sadly pf does not support it until now :-(
>
>
>
> From: Holger Bauer
> Sent: Tue 08.08.2006 14:25
> To: [email protected]
> Subject: RE: [pfSense Support] filter rules for frickin pptp
>
>
> See the frickin documentation.
> It only supports multiple natted
> connections to a predefined pptp server. It's not a general
> solution. There is no package for it yet but some people are
> trying to install it at the backend level.
>
> Holger
>
> -----Original Message-----
> From: Fuchs, Martin [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 08, 2006 2:21 PM
> To: [email protected]
> Subject: AW: [pfSense Support] filter rules for frickin pptp
>
>
> hmmm, sounds like there is a workaround for pf not supporting pptp ?
>
> does frickin work for LAN outbound traffic ?
>
> is there a package ? or how do i install ?
>
>
>
> From: Holger Bauer
> Sent: Tue 08.08.2006 10:07
> To: [email protected]
> Subject: RE: [pfSense Support] filter rules for frickin pptp
>
>
> PPTP needs protocol GRE and TCP port 1723. In case the frickin
> listens on the loopback interface you might accomplish the
> redirects through the webgui to destination 127.0.0.1.
> Btw, there is someone else at the forum trying to get this to
> work. Maybe you can work together on this:
> http://forum.pfsense.org/index.php/topic,1803.0.html
>
> Holger
>
> > -----Original Message-----
> > From: Raja Subramanian [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, August 08, 2006 8:43 AM
> > To: [email protected]
> > Subject: [pfSense Support] filter rules for frickin pptp
> >
> >
> > I'm running RC2a and have many LAN clients that connect to a single
> > external pptp server. Since I'm using NAT, I installed the
> > frickin pptp
> > package. The package itself installed fine, but I don't know what to
> > do next. How do I:
> >
> > 1. redirect outbound pptp traffic to the proxy?
> > 2. what pass rules do I need to use to permit pptp traffic between
> > proxy and the external server?
> >
> > Can someone please share their configuration with me?
> >
> > Thanks in advance for your time and suggestions.
> >
> > - Raja
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
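
Added example, not part of the original thread or of frickin's code: the Call-ID limitation quoted above from the frickin docs, shown by parsing the PPTP enhanced GRE header (RFC 2637) and comparing a NAT table keyed on the server address alone with one that also keys on Call-ID. The `GreNat` class, the addresses and the Call-ID values are constructed for illustration; a real Call-ID aware NAT also has to handle two clients choosing the same Call-ID.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # protocol type of PPTP's enhanced GRE (RFC 2637)

def parse_pptp_gre(pkt: bytes) -> dict:
    """Parse the fixed 8-byte part of a PPTP enhanced GRE header."""
    if len(pkt) < 8:
        raise ValueError("truncated GRE header")
    flags1, flags2, proto, payload_len, call_id = struct.unpack("!BBHHH", pkt[:8])
    # K bit (0x20) must be set, version must be 1, protocol type must be 0x880B
    if not flags1 & 0x20 or flags2 & 0x07 != 1 or proto != PPTP_GRE_PROTO:
        raise ValueError("not a PPTP enhanced GRE packet")
    return {"call_id": call_id, "payload_len": payload_len,
            "has_seq": bool(flags1 & 0x10), "has_ack": bool(flags2 & 0x80)}

def build_pptp_gre(call_id: int, payload: bytes = b"") -> bytes:
    """Constructed sample packet: K bit set, version 1, no seq/ack fields."""
    header = struct.pack("!BBHHH", 0x20, 0x01, PPTP_GRE_PROTO, len(payload), call_id)
    return header + payload

class GreNat:
    """Hypothetical NAT state table for inbound GRE (IP protocol 47)."""
    def __init__(self, track_call_id: bool):
        self.track_call_id = track_call_id
        self.table = {}

    def _key(self, server: str, call_id: int):
        # GRE has no ports: without Call-ID the only usable key is the peer address
        return (server, call_id) if self.track_call_id else (server,)

    def register(self, client: str, server: str, client_call_id: int):
        """Record a tunnel; client_call_id is what the client announced on TCP 1723."""
        self.table[self._key(server, client_call_id)] = client

    def inbound(self, server: str, pkt: bytes):
        """Return the internal client an inbound GRE packet is forwarded to."""
        call_id = parse_pptp_gre(pkt)["call_id"]
        return self.table.get(self._key(server, call_id))

def demo(track_call_id: bool) -> list:
    """Two LAN clients tunnel to the SAME external PPTP server."""
    nat = GreNat(track_call_id)
    nat.register("192.168.1.10", "203.0.113.5", 0x1001)
    nat.register("192.168.1.11", "203.0.113.5", 0x1002)
    # Server-to-client GRE carries the Call-ID the client assigned
    return [nat.inbound("203.0.113.5", build_pptp_gre(cid)) for cid in (0x1001, 0x1002)]

if __name__ == "__main__":
    print("server-only key :", demo(False))
    print("with Call-ID key:", demo(True))
```

With the server-only key the second tunnel overwrites the first state entry, so both clients' return traffic goes to one host; this is the "one tunnel through a NAT'ed firewall" restriction for a single server, while tunnels to different servers get distinct keys and are unaffected.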
