Outbound PPTP VPN Connection broken AGAIN
-
So a while ago there was this bug in pfSense where a PPTP VPN connection made from within the LAN through a pfSense 2 box to a remote Microsoft server would work perfectly, but after 30 seconds to 3 minutes the connection will seem to be half closed - packets goes out but nothing is ever received - when data flow stops. As long as one transfers data over the connection the VPN connection was kept alive. Stop transferring data and the connection goes half dead - the OS still believes it is connected but no data is ever received.
Then the guys fixed it. I tested it and VPN worked perfectly. But the kernel would panic with that COLOR error message. This went on for a couple of weeks (months maybe). I could not use those builds because even though VPN worked my machine crashed within either 5 minutes or 5 hours.
I tried this build:
2.0-RC1 (i386)
built on Fri Mar 4 22:36:09 EST 2011FreeBSD fw.home 8.1-RELEASE-p2 FreeBSD 8.1-RELEASE-p2 #1: Fri Mar 4 22:34:55 EST 2011 sullrich@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 i386
Please help me? I see the original ticket has been closed. I am confused.
-
Yep, I'm having the same issue as well but with a different snapshot:
2.0-RC1 (i386)
built on Sat Feb 26 15:30:26 EST 2011I am using standard PPTP settings in Windows 7 to connect to the microsoft server at the remote site. It'll connect and then about 2 minutes into it the session dies, it doesn't show as disconnected but just nothing being passed through.
I've had this same problem before with the earlier snapshots and had to go back to the release version of 1.2.3 so I can use it.
Least the IPSec VPN in this build is working perfectly now. Very stable and not a single disconnect.
Darkk
-
Let me provide more information about my setup in hopes they can track it down.
Current build: 2.0-RC1 (i386)
built on Fri Mar 4 22:36:09 EST 2011Fresh install with defaults. Only two packages are installed: Client Export for OpenVPN and VNStat2. Eventually I will install snort, anti-virus…etc. Wanted to make sure the core is stable first before I start adding stuff to it.
I do have OpenVPN configured via defaults and running but haven't tested it yet.
I am also running site to site IPSec VPN to work network. I even have it turned off to test PPTP VPN and it would work for 2 minutes then it dies.
Oh yea, I am not doing anything fancy with the WAN. Just a single WAN, LAN and Wireless.
Other than that V2.0 been great!!
Darkk
-
Happy to see the current build of 2.0-RC1 (i386) built on Sun Mar 20 02:20:38 EDT 2011 the Microsoft's PPTP VPN is working great! No more disconnects after connecting to the Microsoft's VPN server at the office from Windows 7.
Darkk
-
Ok I will upgrade and test, thank you.
-
Yesterday upgraded to the latest 2.0RC1 snapshot , and outbound PPTP is broken again.
Same as pf 1.2.3 no outbound PPTP is possible anymore when a client is behind a PFsense 2.0 RC1 unfortunally.
Because Mobile IPSEC in this builds is also problematic . It's getting worse with connectivity unfotunally. :-[ :-[Hope someone has a solution , or hoping the developing team will solve this soon.
wil add a bug for this.
Msonic
-
The PPTP proxy that was allowing this to work had been causing panics/hangs/other state issues. It will probably have to wait for 2.1.
-
The PPTP proxy that was allowing this to work had been causing panics/hangs/other state issues. It will probably have to wait for 2.1.
What does this mean? That it would be impossible to make outbound PPTP VPN connections from within the network fronted by a pfSense box to an external PPTP server?
-
It means the old limitations are in place:
- You can't make outbound PPTP connections if you are running a PPTP server
- You can't make two outbound PPTP connections to the same remote PPTP server
-
Ah I see. Well then that would not be too much of an issue for me. Thanks.
-
It means the old limitations are in place:
- You can't make outbound PPTP connections if you are running a PPTP server
- You can't make two outbound PPTP connections to the same remote PPTP server
jimp, can you clarify? Is the pptp proxy required to maintain outbound pptp connections?
-
To maintain them? No, but to bypass the restrictions I mentioned, yes.
-
Okay, I've been unable to maintain an outbound VPN connection from a PC on the LAN to an outside server for longer than a few minutes with the inbound PPTP VPN disabled (no redirect) and the pf scrub disabled.
Where else can I look to troubleshoot this?
-
Not sure what that might be. I had a PPTP connection up (and practically idle) from behind a 2.0 box to a 2.0 box for more than a half hour the other day.
-
I must say if I do not run a ping to the destination PPTP VPN server my connection also dies…
-
This gets better!
Now I can't even establish a connection.
Other than the default outbound rule, any others that outbound PPTP needs? I believe I deleted the inbound rules when turning disabling the PPTP server.
-
Shouldn't be anything that it touches special, if you can't establish a PPTP connection the most likely cause is that you've already got a PPTP connection going on another machine to that same remote system.
-
Well, I can guarantee that's not the case. I have, however made multiple attempts from my machine.
I don't see anything in states with the remote server's IP, so I'm not sure what it could be.
-
Reboot fixed it.
Dunno why a reboot was required, but I'm not complaining.
-
Since the issue won't be fixed until 2.1 is there a timeline for at least a beta of 2.1 that will contain the fix? We've been dealing with the issue in hopes that a fix was coming sometime soon, but if it's going to be several more months then we'll probably want to switch to a different firewall that supports pptp until PFSense is stable in that regard, and then switch back. Also if there is anything I can do to assist in helping the developers fix the issue I am willing.
