From owner-freebsd-pf@FreeBSD.ORG Fri Jul 18 03:48:08 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 20C41106564A for ; Fri, 18 Jul 2008 03:48:08 +0000 (UTC) (envelope-from ansarm@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.182]) by mx1.freebsd.org (Postfix) with ESMTP id B4FEB8FC1A for ; Fri, 18 Jul 2008 03:48:07 +0000 (UTC) (envelope-from ansarm@gmail.com) Received: by py-out-1112.google.com with SMTP id p76so154309pyb.10 for ; Thu, 17 Jul 2008 20:48:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:cc:references :in-reply-to:subject:date:message-id:mime-version:content-type :content-transfer-encoding:x-mailer:thread-index:content-language; bh=q/L8yf2zvQeNTSrhjPGB63gblsltDqZhChqDta47XCA=; b=Hl6KRxfjFJQcv3l1FG8zXA9JRKN9arYU65oiGLAGntpYt62272Z5ESaZF8LazgYnlS 7k3LObrLWC+Nz4rG3OHgOsWv492dJXvY49CUWnuCLF/CvLyOqvBnqu+uG7W4qdGF0Gbh pWoOH9VaAmkSUMraRVz0RdBz1allPuCsrSgJ4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-type:content-transfer-encoding:x-mailer :thread-index:content-language; b=yChTsLdwdiYgydHsmvZomqkT41oD1uv01IkdL5VsSWJMyX/utJXzk+RGIy+JfDEfot D9FTzroiEitKiOIPh86XJ1JcBkV+3oTZ5gvciQOJ2xQEZkCciT9pEVe4CTTK4TM7erH8 Vxzbb88AxoTnu+CQSvg23hd9nY8cZzvqio4jE= Received: by 10.65.75.2 with SMTP id c2mr4047108qbl.13.1216352886689; Thu, 17 Jul 2008 20:48:06 -0700 (PDT) Received: from ansarmm2 ( [206.248.190.95]) by mx.google.com with ESMTPS id p27sm3332443qbp.15.2008.07.17.20.48.05 (version=SSLv3 cipher=RC4-MD5); Thu, 17 Jul 2008 20:48:05 -0700 (PDT) From: "Ansar Mohammed" To: "'Chris Buechler'" References: <047001c8e87d$8078b710$816a2530$@com> In-Reply-To: Date: Thu, 17 Jul 2008 23:48:04 -0400 Message-ID: <048f01c8e889$160fffd0$422fff70$@com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: Acjoh4iY7l6ZG0D/T1GIY1Rpnl207QAAXfNA Content-Language: en-ca Cc: freebsd-pf@freebsd.org Subject: RE: GRE Limitation X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jul 2008 03:48:08 -0000 Is this like "a known bug" that's being fixed or is this "by design" and we have to deal with it? > -----Original Message----- > From: Chris Buechler [mailto:cbuechler@gmail.com] > Sent: July 17, 2008 11:37 PM > To: Ansar Mohammed > Cc: freebsd-pf@freebsd.org > Subject: Re: GRE Limitation > > On Thu, Jul 17, 2008 at 10:25 PM, Ansar Mohammed > wrote: > > Hello All, > > I just read the following on the pfsense website: > > > > "PPTP and GRE Limitation - The state tracking code in pf for the GRE > > protocol can only track a single session per public IP per external > server. > > This means if you use PPTP VPN connections, only one internal machine > can > > connect simultaneously to a PPTP server on the Internet. A thousand > machines > > can connect simultaneously to a thousand different PPTP servers, but > only > > one simultaneously to a single server. The only available work around > is to > > use multiple public IPs on your firewall, one per client, or to use > multiple > > public IPs on the external PPTP server. This is not a problem with > other > > types of VPN connections." > > > > Is this also true for stock FreeBSD with PF or just a pfsense issue? > > > > That's true with every OS that runs pf, and anything based on any of > those (including pfSense). > > Chris