Date:      Mon, 12 Sep 2011 08:29:36 +0300
From:      Artyom Viklenko <artem@aws-net.org.ua>
To:        Mario Lobo <lobo@bsd.com.br>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: VPN  problem
Message-ID:  <4E6D98C0.8040707@aws-net.org.ua>
In-Reply-To: <201109111117.38461.lobo@bsd.com.br>
References:  <201109101042.53575.lobo@bsd.com.br>	<201109101917.30117.lobo@bsd.com.br>	<20110911045732.GC29437@insomnia.benzedrine.cx> <201109111117.38461.lobo@bsd.com.br>

> 2) What I am attempting that's not working (but used to work!)
>
> Establish a VPN from My home workstation TO My work GW

This is what I have in my home router's pf about GRE:

nat on $ext_if proto gre from $int_net to any -> ($ext_if)
pass in quick on $int_if inet proto gre from $int_if:network to any keep state
pass in quick on $ext_if inet proto gre from any to any no state
pass out quick on $ext_if inet proto gre all keep state queue def


Any single PPTP connection always works fine but - as noted before -
ONLY ONE.

Pay attention to the pass rule on the external interface - use 'no state'!
Without it the first GRE packet from the VPN server will create a wrong
state and these packets will not reach the VPN client in the home LAN.

Anyway, consider migrating to L2TP.

Hope this helps.


-- 
            Sincerely yours,
                             Artyom Viklenko.
-------------------------------------------------------
artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem
artem@viklenko.net   | JID: artem@jabber.aws-net.org.ua
FreeBSD: The Power to Serve   -  http://www.freebsd.org


