Hi Chris! Thanks for the reply! I've got a few IP addresses left. How can I separate the PPTP connections from the normal traffic? I suppose I have to use the gateway and some rule, but do you have more details?
Again, thanks!

Kind regards,
Giljam

-----Original Message-----
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 18 December 2007 1:47
To: [email protected]
Subject: Re: [pfSense Support] PPTP VPN

Giljam Koch wrote:
>
> Hello Richard,
>
> Thanks for your reply. No. It's still default. I did however conclude
> the following:
>
> When I disable my own PPTP VPN server, the outbound VPNs work again.
> Can anyone confirm this? Does this have something to do with this
> infamous "GRE connection tracking" issue that FreeBSD/pfSense has?
>

Yes. From the new website that'll be live soon:

PPTP and GRE Limitation - The state tracking code in pf for the GRE protocol can only track a single session per public IP per external server. This means if you use PPTP VPN connections, only one internal machine can connect simultaneously to a PPTP server on the Internet. A thousand machines can connect simultaneously to a thousand different PPTP servers, but only one simultaneously to a single server. The only available workaround is to use multiple public IPs on your firewall, one per client, or to use multiple public IPs on the external PPTP server. This is not a problem with other types of VPN connections.

Because of limitations in pf NAT, when the PPTP Server is enabled, PPTP clients cannot use the same public IP for outbound PPTP connections. This means if you have only one public IP, and use the PPTP Server, PPTP clients inside your network will not work. The workaround is to use a second public IP with Advanced Outbound NAT for your internal clients.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
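
A simplified model of the two limitations quoted in the thread above and of the extra-public-IP workaround, added here as an illustration; it is not pf or pfSense code. The class name, the choice of state key and all addresses are constructed assumptions.

```python
# Simplified model of the limitation quoted above; this is not pf source code.
# GRE carries no ports, so the model keys a NAT state on
# (public IP, external PPTP server) only. All addresses are constructed.

class GreNatModel:
    def __init__(self, outbound_nat, default_public_ip, pptp_server_ip=None):
        self.outbound_nat = outbound_nat          # internal client -> public IP
        self.default_public_ip = default_public_ip
        self.pptp_server_ip = pptp_server_ip      # public IP used by the local PPTP server
        self.states = {}                          # (public IP, remote server) -> client

    def connect(self, client, remote_server):
        """Return (ok, reason) for an outbound PPTP/GRE session attempt."""
        public_ip = self.outbound_nat.get(client, self.default_public_ip)
        if public_ip == self.pptp_server_ip:
            return False, "public IP is taken by the local PPTP server"
        key = (public_ip, remote_server)
        owner = self.states.get(key)
        if owner is not None and owner != client:
            return False, f"GRE state already held by {owner}"
        self.states[key] = client
        return True, f"via {public_ip}"


def demo():
    wan, extra1, extra2 = "198.51.100.1", "198.51.100.2", "198.51.100.3"
    server_a, server_b = "203.0.113.10", "203.0.113.20"
    results = {}

    # One public IP, no local PPTP server: one client per external server.
    fw = GreNatModel({}, wan)
    results["first"] = fw.connect("10.0.0.11", server_a)[0]
    results["second_same_server"] = fw.connect("10.0.0.12", server_a)[0]
    results["second_other_server"] = fw.connect("10.0.0.12", server_b)[0]

    # Local PPTP server enabled on the only public IP: outbound clients fail.
    fw = GreNatModel({}, wan, pptp_server_ip=wan)
    results["with_local_server"] = fw.connect("10.0.0.11", server_a)[0]

    # Workaround: outbound NAT maps each internal client to its own extra IP.
    fw = GreNatModel({"10.0.0.11": extra1, "10.0.0.12": extra2}, wan, pptp_server_ip=wan)
    results["workaround_1"] = fw.connect("10.0.0.11", server_a)[0]
    results["workaround_2"] = fw.connect("10.0.0.12", server_a)[0]
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'blocked'}")
```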
