GRE Passtrough AND Outbound VPN
I have a problem with the passthrough to a PPTP server.
In my network is a PPTP server that accepts connections from outside. Therefore I have two NAT forwardings (1723 / TCP and GRE) configured to this server. Of course, there are two matching firewall rules.
Establishing a connection from a client in my network to a remote PPTP server fails. Only when I set a GRE forwarding to the client, the connection is established.
Because there can't be configured two GRE NAT rules at the same time, only an "either-or mode" is possible.
In the Firewall logs I found that the external PPTP server wants to establish a GRE connection to the internal PPTP server (not my client) if I want to connect to external PTPP server from the client while the NAT rule for internal PPTP server is set.
What do I need to adjust so I can use the inbound and outbound VPN connection at the same time?
The pfSense 2.1.5 is connected to a modem in bridge mode. No NAT-cascade.
GRE is weird…
I haven't had great success with:
Using a PPTP client on the same network as PPTP server.
Or having multiple clients on same network connect to a single PPTP server.
Its always been flakey for me.
The same scenario works with a CISCO RV042. Why not with pfSense?
With me it wasn't reliable even before I switched to pfsense.
Maybe it's possible to find a workaround?
There is a work around. Switch to openvpn.
I would if I could. :D
…it's the decision of our customers.
Do your customers know that using PPTP encrypted VPN is virtually same as passing traffic with no encryption at all?
I think so. And I hope that they will find the right way soon.
But I need to ensure that the service VPN tunnel work again as soon as possible.
Does pfSense have any tools to find a solution?