GRE Passtrough AND Outbound VPN

  • Hi.
    I have a problem with the passthrough to a PPTP server.

    In my network is a PPTP server that accepts connections from outside. Therefore I have two NAT forwardings (1723 / TCP and GRE) configured to this server. Of course, there are two matching firewall rules.

    Establishing a connection from a client in my network to a remote PPTP server fails. Only when I set a GRE forwarding to the client, the connection is established.
    Because there can't be configured two GRE NAT rules at the same time, only an "either-or mode" is possible.

    In the Firewall logs I found that the external PPTP server wants to establish a GRE connection to the internal PPTP server (not my client) if I want to connect to external PTPP server from the client while the NAT rule for internal PPTP server is set.

    What do I need to adjust so I can use the inbound and outbound VPN connection at the same time?

    The pfSense 2.1.5 is connected to a modem in bridge mode. No NAT-cascade.

    Many thanks

  • GRE is weird…

    I haven't had great success with:

    Using a PPTP client on the same network as PPTP server.

    Or having multiple clients on same network connect to a single PPTP server.

    Its always been flakey for me.

  • The same scenario works with a CISCO RV042. Why not with pfSense?

  • With me it wasn't reliable even before I switched to pfsense.

  • Maybe it's possible to find a workaround?

  • There is a work around.  Switch to openvpn.

  • I would if I could.  :D

    …it's the decision of our customers.

  • Do your customers know that using PPTP encrypted VPN is virtually same as passing traffic with no encryption at all?

  • I think so. And I hope that they will find the right way soon.
    But I need to ensure that the service VPN tunnel work again as soon as possible.

  • Does pfSense have any tools to find a solution?

Log in to reply