From owner-freebsd-stable@FreeBSD.ORG  Tue Apr  5 09:47:14 2005
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AD98716A4CE
	for <freebsd-stable@freebsd.org>;
	Tue,  5 Apr 2005 09:47:14 +0000 (GMT)
Received: from w2b.BigIMAP.com (w2b.bigimap.com [67.137.230.90])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5ABD343D2F
	for <freebsd-stable@freebsd.org>;
	Tue,  5 Apr 2005 09:47:14 +0000 (GMT)
	(envelope-from Walentyn@gorsk.com)
Received: from [127.0.0.1] (helo=localhost)
	by w2b.BigIMAP.com with esmtp (Exim 4.32)
	id 1DIkeL-0004bC-3N; Tue, 05 Apr 2005 02:47:09 -0700
Received: from pool-151-203-222-74.bos.east.verizon.net
	(pool-151-203-222-74.bos.east.verizon.net [151.203.222.74]) 
	by w2b.bigimap.com (IMP) with HTTP 
	for <amansaguapos@gorsk.com@localhost>;
	Tue,  5 Apr 2005 05:47:09 -0400
Message-ID: <1112694429.42525e9d12433@w2b.bigimap.com>
Date: Tue,  5 Apr 2005 05:47:09 -0400
From: Walentyn <Walentyn@gorsk.com>
To: freebsd-stable@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.2.4
X-Originating-IP: 151.203.222.74
X-BFI-Originally-From: 
cc: Michael Bretterklieber <mbretter@inode.at>
Subject: Re: FreeBSD mpd PPTP client connection to SnapGearLITE+
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Apr 2005 09:47:14 -0000

Quoting Michael Bretterklieber <mbretter@inode.at>:

> Hi,
> ...
>
> Perhaps GRE is blocked somewhere (Firewall)?
>
> bye,
> --
> ------------------------------- ----------------------------------
> Michael Bretterklieber          - http://www.bretterklieber.com
> ------------------------------ ----------------------------------
>
>
>

I thought the follwing ipfilter rules would have done the trick:

----------------------------------------------------------------------
# allow PPTP client
pass in  log quick on xl0 proto gre from [SGL server IP]/32 to any
pass out log quick on xl0 proto gre from any to any
pass in  log quick on xl0 proto tcp from [SGL server IP]/32 port = 1723 to any
pass out log quick on xl0 proto tcp from any to any port = 1723
----------------------------------------------------------------------

Perhaps I missed something, however, the firewall log does show "p" (pass) for
all entries during attempted negotiation.

I'm starting to think that FreeBSD's mpd PPTP may be incompatible with
SnapGearLITE's UCLinux PPTP interpretation (although SGL works like a champ
with XP and Linux clients).  Unfortunately, the appliance in question has been
discontinued and the company taken over (and forgotten?) by Cyberguard.

Thanks!

--
Walentyn