Pfsense blocks simultaneous access to VPN (PPTP)

  • Good morning,
    I'm having a problem trying to access VPN (PPTP) …
    I made a rule in the firewall to allow access to external TCP port 1723 (PPTP) to the LAN, the firewall also liberated outside access to the GRE protocol to the LAN.
    The first person to connect to the VPN connects normally, but all the other User can not make the connection.
    The error code is 806, saying the network is not configured to allow GRE packets.
    Has anyone experienced this?
    A solution?

    I'm in I look
    Philip Obrien

  • Rebel Alliance Developer Netgate

  • The link supplied talks about the known NAT limitationfor outgoing connections; at least that is my understanding.

    Is that for incoming connections as well?  If it is, the link above should be changed to be clear about that… it says 'external servers' and gives examples that relate to users connecting to outside servers, not outside connections coming in to an internal PPTP server.

    Did anyone else read it that way?

  • If you are talking about connections coming to pfSense and pfSense has PPTP server running then there is a limit of 16 simultaneous connections.
    Please post screenshot of your PPTPserver settings page.

  • I was reading some of your problems regarding PPTP and FTP.

    This is the basic solution for both, assuming that you have a internet connection with dynamic IP, one modem with router, a firewall and your server is IP, OK!


    1. create at your modem/router a basic port forward from your ISP to your machine port 1723 forward to port 1723
    2. create at your firewall the rule for PPTP, opening the PORT or the PROTOCOL. It will depend on your server config.
    3. remember, PPTP will make your connection really slow.


    1. open your server (assuming that it is Filezilla) Edit / Settings
    2. on general settings, move your default port to a different one. ISPs use to block ports 21 and 22 (and lot others more)
    3. my suggestion is NOT TO USE plain FTP, use instead FTPS, which is much more secure.
    4. since you have dynamic IP go to PASSIVE MODE SETTINGS and select RETRIEVE EXTERNAL IP
    5. put some ports at your USE CUSTOM PORTS (4000 - 5000)
    6. create at your modem, the PORT FORWARDINGS 990 (FTPS) and 4000 - 5000 (Passive ports) to
    7. under SSL/TLS create a new certificate for you. ITS FREE! Put port 990.
    8. thats it, it should work, if it doesn´t go to:

    ENJOY. Everything should be working fine. I have it in different places and it works just fine, with FIXED and DYNAMIC IPS. It doesn´t matter.

    If your CLIENT FTP SOFTWARE still refuses to work:

    1. open you Filezilla Client, go to EDIT / CONFIGURATION
    2. under FTP select ACTIVE instead of PASSIVE
    3. under ACTIVE MODE, select the same ports you assigned 4000 - 5000. Click OK. It will work.

    Hope this help.



  • @luiscloss:

    It will work.

    I wish I had the same level of confidence… ;D

Log in to reply