PPTP out broke in latest nightly updates?

  • I have been running RC1 for a while and had no issues, but now I can't use PPTP to VPN to external networks. This was working fine whether the PPTP was enabled or not on my pfSense 2.0 RC1. I Just reconnected an old Cisco RV042 to verify and I can PPTP out with that fine. I tried the new update from last night and still not getting anywhere today.

  • I reset to defaults and it is working again so it must have been a change in the builds that caused the issue.

  • I noticed this problem a few days ago, but as I don't use outbound PPTP often I don't know how far back it goes.

    O'kay, just found another post that says this is a known issue, but I also seem to have the same issue if a GIF tunnel is open. Not sure if that's related.

  • I confirm I see the same happening with snapshot pfSense-Full-Update-2.0-RC1-i386-20110417-0254.
    I need to disable the PPTP Server to allow outbound PPTP connections.

    When the PPTP Server is active, GRE outbound connections are duplicated, one is passing through without being NATed, the other is NATed but the GRE sequence number get changed.

  • Rebel Alliance Developer Netgate

    That is expected behavior. The PPTP proxy code was removed because it was causing panics and such. Without the PPTP proxy you can't run and server and host clients.

  • How far back was the proxy removed? I need to roll back a few installs to get this back, but want to be as current as possible.

  • Rebel Alliance Developer Netgate

    commit 9bf5d741e0046f34532c33d4de1c235415ea11a0
    Author: Ermal eri@pfsense.orgDate:  Thu Mar 17 17:18:37 2011 +0000

    Retire pptp patch until some other issues are fixed with it. Its time will come after 2.0./eri@pfsense.org

  • where is it possible to get build befor patch?

  • It looks like we'll have to wait until after the release until this gets fixed. I need this to work in order to use pfSense. As the last person asked, is there any way to get a build before the patch or do I just have to wait?

  • Rebel Alliance Developer Netgate

    You could setup your own builder and reactivate the patch, assuming it still applies cleanly.

    It was removed for good reason, it causes crashes/panics/hangs in its current state. I wouldn't consider using it for production at this stage.

  • it's worked good for me and many of my friends and customers. I'll set my own builder to build the latest i386 version with this patch. any good instructions how to set builder for feebsd newcomer (i have good redhat knowledge)

  • Rebel Alliance Developer Netgate

    A stock FreeBSD 8.1 install is enough, works well in a VM. Just make the drive one slice (large /) and swap, don't try to make separate slices for /tmp, etc, like the installer auto-defaults to.


    The builder code is in pretty good shape these days, just when you build watch out that the first port build run usually fails, the second and rest succeed. For similar reasons, the first iso build usually fails, the second and later ones succeed.

  • just tried to build iso.
    without pptp patch build finished ok.
    with pptp path i have followiong errors:

    >>> Applying patches from /usr/home/pfsense/tools/builder_scripts/../builder_scripts/patches.RELENG_8_1 please wait...Hunk #2 failed at 282.
    Hunk #8 failed at 6344.
    Hunk #10 failed at 7671.
    Hunk #11 failed at 8281.
    4 out of 11 hunks failed--saving rejects to sys/contrib/pf/net/pf.c.rej

    any ideas?

  • i managed to remove this errors but now i have new problem. some file with name : /usr/pfSensesrc/src/Oops.rej

  • Finally i managed to build iso. if some one need pptp path thrue and pptp server i can place it on ftp. starting from today i go to make daily builds. i need help with test.

Log in to reply