Outbound PPTP VPN Connection broken AGAIN
-
Let me provide more information about my setup in hopes they can track it down.
Current build: 2.0-RC1 (i386)
built on Fri Mar 4 22:36:09 EST 2011Fresh install with defaults. Only two packages are installed: Client Export for OpenVPN and VNStat2. Eventually I will install snort, anti-virus…etc. Wanted to make sure the core is stable first before I start adding stuff to it.
I do have OpenVPN configured via defaults and running but haven't tested it yet.
I am also running site to site IPSec VPN to work network. I even have it turned off to test PPTP VPN and it would work for 2 minutes then it dies.
Oh yea, I am not doing anything fancy with the WAN. Just a single WAN, LAN and Wireless.
Other than that V2.0 been great!!
Darkk
-
Happy to see the current build of 2.0-RC1 (i386) built on Sun Mar 20 02:20:38 EDT 2011 the Microsoft's PPTP VPN is working great! No more disconnects after connecting to the Microsoft's VPN server at the office from Windows 7.
Darkk
-
Ok I will upgrade and test, thank you.
-
Yesterday upgraded to the latest 2.0RC1 snapshot , and outbound PPTP is broken again.
Same as pf 1.2.3 no outbound PPTP is possible anymore when a client is behind a PFsense 2.0 RC1 unfortunally.
Because Mobile IPSEC in this builds is also problematic . It's getting worse with connectivity unfotunally. :-[ :-[Hope someone has a solution , or hoping the developing team will solve this soon.
wil add a bug for this.
Msonic
-
The PPTP proxy that was allowing this to work had been causing panics/hangs/other state issues. It will probably have to wait for 2.1.
-
The PPTP proxy that was allowing this to work had been causing panics/hangs/other state issues. It will probably have to wait for 2.1.
What does this mean? That it would be impossible to make outbound PPTP VPN connections from within the network fronted by a pfSense box to an external PPTP server?
-
It means the old limitations are in place:
- You can't make outbound PPTP connections if you are running a PPTP server
- You can't make two outbound PPTP connections to the same remote PPTP server
-
Ah I see. Well then that would not be too much of an issue for me. Thanks.
-
It means the old limitations are in place:
- You can't make outbound PPTP connections if you are running a PPTP server
- You can't make two outbound PPTP connections to the same remote PPTP server
jimp, can you clarify? Is the pptp proxy required to maintain outbound pptp connections?
-
To maintain them? No, but to bypass the restrictions I mentioned, yes.
-
Okay, I've been unable to maintain an outbound VPN connection from a PC on the LAN to an outside server for longer than a few minutes with the inbound PPTP VPN disabled (no redirect) and the pf scrub disabled.
Where else can I look to troubleshoot this?
-
Not sure what that might be. I had a PPTP connection up (and practically idle) from behind a 2.0 box to a 2.0 box for more than a half hour the other day.
-
I must say if I do not run a ping to the destination PPTP VPN server my connection also dies…
-
This gets better!
Now I can't even establish a connection.
Other than the default outbound rule, any others that outbound PPTP needs? I believe I deleted the inbound rules when turning disabling the PPTP server.
-
Shouldn't be anything that it touches special, if you can't establish a PPTP connection the most likely cause is that you've already got a PPTP connection going on another machine to that same remote system.
-
Well, I can guarantee that's not the case. I have, however made multiple attempts from my machine.
I don't see anything in states with the remote server's IP, so I'm not sure what it could be.
-
Reboot fixed it.
Dunno why a reboot was required, but I'm not complaining.
-
Since the issue won't be fixed until 2.1 is there a timeline for at least a beta of 2.1 that will contain the fix? We've been dealing with the issue in hopes that a fix was coming sometime soon, but if it's going to be several more months then we'll probably want to switch to a different firewall that supports pptp until PFSense is stable in that regard, and then switch back. Also if there is anything I can do to assist in helping the developers fix the issue I am willing.
-
No ETA. We have to release 2.0 before we can even think about ALPHAs of 2.1, let alone BETAs.