GRE Issue

  • Hello,

    Me again…

    Well I have my PFSense box in production now and have run into a few random issues that I just can't figure out, so here I am hoping to get some help.

    Right now I have one specific site that we can't PPTP to. I can PPTP to tons of other sites just great, but this one is for some reason not working.

    My setup is thus.  Private LAN -----> PFSense ------> DMZ LAN ------> Cisco PIX ------> Internet

    I can PPTP to this specific site when in the DMZ, so that tells me it's most likely a PFSense issue.  When going through PFSense to my PIX, my PIX complains that it can't create the GRE translation, but what looks out of the ordinary is that for some reason my internal private address is not being NAT'd.

    EX: 10.x.x.x ----> PFSense (No NAT happening here) ------> PIX
    So my PIX sees my internal address instead of my PF WAN address.  Is that normal for GRE?

    I also have another situation that is similar, but for a TCP port translation.  I have around 150 servers using the same exact translation, but for some reason I have one specific site that fails using it, so I had to set up a server in my DMZ to receive that data and relay it through PFSense, ironically using the same NAT that this specific client should be able to use.

    I have set up a logging server, but it doesn't show me the translations made, but I suppose the Diagnostics | States does that.

    Thanks for your help.

  • So it turns out that after decent troubleshooting, only one PPTP VPN is able to connect to 1 site at a time.  Is this a known bug?  It is really odd behavior.  I see in the states tables that one user is able to VPN just great to a site, but then when a different host in my LAN tries to vpn to the same site, for some reason the GRE Translation doesn't appear to be made correctly.  IE it basically forwards the internal address to my pix and my pix says no way.  Any fixes to this?

  • Please search the forum. This is a known limitation atm. However, we are working on integrating a PPTP proxy as a package to work around this. This also has been discussed in the forum already.

  • Doh! Sorry…  :-[
