From: "Chris Buechler"
Date: Fri, 18 Jul 2008 00:05:28 -0400
To: "Ansar Mohammed"
Cc: freebsd-pf@freebsd.org
Subject: Re: GRE Limitation

On Thu, Jul 17, 2008 at 11:48 PM, Ansar Mohammed wrote:
> Is this like "a known bug" that's being fixed or is this "by design" and we
> have to deal with it?
>

It's not a bug. If you search the OpenBSD list archives you'll find plenty of discussion on it.

There are proxies that are supposed to work around this, like Frickin PPTP. It's not highly regarded by the OpenBSD community apparently (not sure why, saw that in passing in their list archives at one point), and it doesn't work right on FreeBSD (if any OS?). There may be other proxy alternatives, I'm not aware of any that work.

Ermal Luci, a pfSense and FreeBSD committer, has been working on improved state tracking for GRE that would eliminate this limitation. Not sure of the status other than it's not done. If/when it's finished it'll be in pfSense development releases first, maybe integrated into the BSDs later or possibly not.

Chris