Giljam Koch wrote:
Hello Richard,
Thanks for your reply. No. It’s still default. I did however conclude
the following:
When I disable my own PPTP VPN server, the outbound VPNs work again.
Can anyone confirm this? Does this have something to do with this
infamous “GRE connection tracking” issue that FreeBSD/pfSense has?

Yes. From the new website that'll be live soon:
PPTP and GRE Limitation - The state tracking code in pf for the GRE
protocol can only track a single session per public IP per external
server. This means if you use PPTP VPN connections, only one internal
machine can connect simultaneously to a PPTP server on the Internet. A
thousand machines can connect simultaneously to a thousand different
PPTP servers, but only one simultaneously to a single server. The only
available workaround is to use multiple public IPs on your firewall,
one per client, or to use multiple public IPs on the external PPTP
server. This is not a problem with other types of VPN connections.
Because of limitations in pf NAT, when the PPTP Server is enabled, PPTP
clients cannot use the same public IP for outbound PPTP connections.
This means if you have only one public IP, and use the PPTP Server, PPTP
clients inside your network will not work. The workaround is to use a
second public IP with Advanced Outbound NAT for your internal clients.
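
The two limitations quoted above can be written as a check over a planned outbound NAT layout. This is an added example, not part of the original thread and not pfSense code; the function name, the addresses (documentation ranges) and the assumption that all listed sessions are simultaneous are constructed for illustration.

```python
def check_pptp_plan(sessions, nat_map, pptp_server_ip=None):
    """Return the outbound PPTP sessions that would fail under the two
    limitations quoted above, assuming all sessions are simultaneous.

    sessions       -- list of (internal_client, external_pptp_server)
    nat_map        -- internal_client -> public IP its traffic is NATed to
    pptp_server_ip -- public IP of the firewall's own PPTP server, or None
    """
    problems = []
    gre_states = {}  # (public IP, external server) -> client holding the state
    for client, server in sessions:
        public_ip = nat_map[client]
        # Second limitation: with the PPTP server enabled, inside clients
        # cannot use that same public IP for outbound PPTP.
        if pptp_server_ip is not None and public_ip == pptp_server_ip:
            problems.append((client, server, "public IP in use by local PPTP server"))
            continue
        # First limitation: one GRE session per public IP per external server.
        holder = gre_states.setdefault((public_ip, server), client)
        if holder != client:
            problems.append((client, server, "GRE state already held by " + holder))
    return problems


# Constructed sample data (documentation address ranges).
WAN1, WAN2 = "203.0.113.10", "203.0.113.11"
SERVER_A, SERVER_B = "198.51.100.1", "198.51.100.2"
PC1, PC2 = "192.168.1.21", "192.168.1.22"

if __name__ == "__main__":
    shared = {PC1: WAN1, PC2: WAN1}
    # Two clients behind one public IP, same external server: second one fails.
    print(check_pptp_plan([(PC1, SERVER_A), (PC2, SERVER_A)], shared))
    # Same public IP, different external servers: no conflict.
    print(check_pptp_plan([(PC1, SERVER_A), (PC2, SERVER_B)], shared))
    # Local PPTP server on WAN1, client also NATed to WAN1: fails.
    print(check_pptp_plan([(PC1, SERVER_A)], {PC1: WAN1}, pptp_server_ip=WAN1))
    # Workaround: client NATed to a second public IP.
    print(check_pptp_plan([(PC1, SERVER_A)], {PC1: WAN2}, pptp_server_ip=WAN1))
```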