Cannot Connect PPTP VPN
-
Updated (from amd64 Oct 28th build to Nov 2nd build) and also (still) experiencing problems connecting to remote PPTP-servers (pfSense PPTP-server disabled) - adding a NAT-rule to route incoming GRE to the IP I try to connect from works for a temp. solution…
Would prefer something more friendly though ;) especially as I occasionally switch which computer I want to connect from...
-
What is the status of this very annoying problem ?
-
yes this is incredibly frustrating. Any update on a fix? Had a great, stable experience with previous builds, but being able to make an outbound PPTP connection is critical for us, so very tempted to roll back to 1.2.x until 2.x is ready for the time being.
currently using 2.0-BETA4 (i386) built on Mon Nov 1 01:27:31 EDT 2010
was tempted to update to latest but saw people are still having issues
-
couldn't actually see this reported in redmine.
have reported now, http://redmine.pfsense.org/issues/989
-
Is there a known workaround (like a kernel parameter)?
Do you know where the bug comes from? pfSense code or kernel update issue?
Thanks
-
Other people have reported success if they manually forward 1723/tcp and GRE through to an internal IP and then make a connection outbound from the machine with that address. It appears to be the traffic coming back in without an explicit NAT rule that is the issue, so you can't just plug say a laptop in, get an IP via DHCP and establish a PPTP VPN.
I was hoping to dig further but in the middle of a big project at the moment, will try to add some beef to the PR at some point.
-
Ok so it seems to be a state tracking problem?
When you watch the logs during a connection attempt (tcpdump -i pflog0 -ttt -n) you can see GRE responses from the outside server being blocked by pf.
-
No news or even a clue about this issue?
-
Wait for a new image to get built, just committed the fix.
https://rcs.pfsense.org/projects/pfsense-tools/repos/mainline/commits/1c33e5128463d84dcedb71c9480a126dd8a6466e
-
will try it asap.
Thanks Ermal.
-
Same issue here.
Tried to use it with Win2k8 TMG.
TMG's gateway is pfSense LAN IP (this is important! without this forwarding doesn't work)
It seems it doesn't even try to connect, just refusing connection with CLOSED:SYN_SENT.
Just ignoring firewall rules… or have I missed something in pfSense firewall?
Check screenshots attached.
EDIT: sorry for information missed: tested on pfSense-2.0-BETA4-20101116-1840-i386.iso
EDIT: Thanks for the fix for Ticket #989. Will try this as soon as a new snapshot is available.
-
You do not need the GRE allowance with the latest snapshots.
Your problem is that you do not need to specify the gateway in firewall rules.
-
Confirming that outgoing PPTP VPN now works w/o incoming GRE-rule - thanks :D
-
Confirming this too.
Thanks
-
Confirming that PPTP limitations are gone for good :)
Thanks!
ermal: just curious - will there be an OpenBSD pf patch in the future?
-
You can try yourself.
From my side I am done with OpenBSD folks doing politics.
-
nice reply Ermal ;)
-
confirmed as well on 2.0-BETA4 (i386)
built on Wed Nov 24 19:45:12 EST 2010
well done guys, thanks so much for this