Date: Mon, 12 Sep 2011 20:51:51 -0300
From: Mario Lobo <lobo@bsd.com.br>
To: Artyom Viklenko <artem@aws-net.org.ua>
Cc: freebsd-pf@freebsd.org
Subject: Re: VPN problem
Message-ID: <201109122051.52012.lobo@bsd.com.br>
In-Reply-To: <4E6D98C0.8040707@aws-net.org.ua>
References: <201109101042.53575.lobo@bsd.com.br> <201109111117.38461.lobo@bsd.com.br> <4E6D98C0.8040707@aws-net.org.ua>

On Monday 12 September 2011 02:29:36 Artyom Viklenko wrote:
>
> This is what I have in my home router's pf about GRE:
> [snip]
> pass in quick on $ext_if inet proto gre from any to any no state
> Pay attention to pass rule on external interface - use 'no state'!
> Without it the first gre packet from VPN server will create wrong
> state and these packets will not reach VPN client in the home LAN.

Thanks a million, Artyom! You nailed it!

This fixed my problem at BOTH endpoints!

But look at how particular that is! And why in heaven's name wasn't this
happening before?

The fact that I never needed that rule before, and after maybe a couple of
csups now I do, worries me a bit. I can't help wondering if this sort of thing
may happen somewhere else on a next (now improbable) csup.

>
> Any single PPTP connections always work fine but - as noted before -
> ONLY ONE.
> This was never an issue in my case.
>
> Anyway, consider migration to L2TP.
>

Not anymore, thanks to you!!

-- 
Mario Lobo
http://www.mallavoodoo.com.br
FreeBSD since 2.2.8 [not Pro-Audio.... YET!!] (99% winblows FREE)