Problem with firewall disrupting VPN connection



  • I have a client with a pfsense router (1.2) and they connect to a VPN at HQ to get their email from an Exchange server.

    They have never had perfect service, but it's been increasingly buggy lately, with the VPN connection disconnecting regularly. I checked the logs on the pfsense router today for the VPN's IP address and found the following popping up in the firewall log.

    pf: 265091 rule 248/0(match): block in on fxp0: (tos 0x0, ttl 114, id 53914, offset 0, flags [DF], proto: TCP (6), length: 48) 216.145.xxx.xxx.3796 > 74.219.xxx.xxx.6881: S, cksum 0xcfc4 (correct), 4112386703:4112386703(0) win 16384

    Can anyone here tell me if this is the pfsense firewall blocking the VPN and, if so, how can I go about fixing the problem?



  • That's not ipsec traffic. Are we actually talking about IPSEC or a different VPN? You should probably check the ipsec logs instead. Please provide some more details on your setup.



  • The clients are using the Windows XP VPN connection utility with Microsoft CHAP V2 encryption to connect to the off-site VPN appliance (made by Cyberguard). There is no ipsec VPN set up anywhere.

    The simplified version of that entry in the log says it is GRE traffic.



  • So you have multiple people connecting from behind a natting pfsense router to the same pptp server? Then this probably still applies:
    http://forum.pfsense.org/index.php/topic,1383.0.html



  • Ermal is working on improving PPTP atm, but it still takes some further work. PPTP through has a limitation where you can't connect with multiple clients to the same server at wan simultaneously, and PPTP through won't work at all if the PPTP server at the pfSense that you are going through is enabled. Besides that, PPTP usually works without issues.
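
Added example (not written by any poster in this thread): a small Python parser for pf log lines in the format quoted in the first post, which reads the IP protocol number and ports and labels each entry as GRE, PPTP control, IPsec or unrelated. `THREAD_LINE` is the entry from the thread; the other two lines are constructed samples using documentation addresses, and the label strings are this example's own.

```python
import re

# Matches the header of a pf log entry in the format quoted in the thread (IPv4 only).
LINE_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>\w+) (?P<dir>in|out) on (?P<iface>\w+): "
    r".*?proto:? (?P<pname>\w+) \((?P<pnum>\d+)\), length:? \d+\) "
    r"(?P<src>\S+) > (?P<dst>[^\s:]+):"
)

# The entry posted in the thread, followed by two constructed samples.
THREAD_LINE = ("pf: 265091 rule 248/0(match): block in on fxp0: (tos 0x0, ttl 114, id 53914, "
               "offset 0, flags [DF], proto: TCP (6), length: 48) 216.145.xxx.xxx.3796 > "
               "74.219.xxx.xxx.6881: S, cksum 0xcfc4 (correct), 4112386703:4112386703(0) win 16384")
GRE_LINE = ("pf: 000123 rule 248/0(match): block in on fxp0: (tos 0x0, ttl 120, id 4021, "
            "offset 0, flags [none], proto: GRE (47), length: 61) 198.51.100.7 > "
            "203.0.113.20: GREv1, call 512, seq 14, length 41")
PPTP_CTRL_LINE = ("pf: 000456 rule 248/0(match): block in on fxp0: (tos 0x0, ttl 120, id 4022, "
                  "offset 0, flags [DF], proto: TCP (6), length: 48) 203.0.113.20.1041 > "
                  "198.51.100.7.1723: S, cksum 0x1a2b (correct), 100:100(0) win 16384")

def split_port(endpoint, has_ports):
    """Split 'a.b.c.d.port' into (address, port); GRE/ESP/AH endpoints carry no port."""
    if not has_ports:
        return endpoint, None
    addr, _, port = endpoint.rpartition(".")
    return addr, int(port)

def classify(line):
    """Return parsed fields plus a 'kind' label, or None if the line does not parse."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    proto = int(m["pnum"])
    src, sport = split_port(m["src"], proto in (6, 17))
    dst, dport = split_port(m["dst"], proto in (6, 17))
    if proto == 47:                                   # PPTP tunnels its data in GRE
        kind = "GRE"
    elif proto == 6 and 1723 in (sport, dport):       # PPTP control connection
        kind = "PPTP control"
    elif proto in (50, 51) or (proto == 17 and {sport, dport} & {500, 4500}):
        kind = "IPsec"                                # ESP, AH, or IKE/NAT-T over UDP
    else:
        kind = "not VPN-related"
    return {"action": m["action"], "iface": m["iface"], "proto": m["pname"],
            "src": src, "dst": dst, "dport": dport, "kind": kind}

if __name__ == "__main__":
    for sample in (THREAD_LINE, GRE_LINE, PPTP_CTRL_LINE):
        print(classify(sample))
```

Filtering the firewall log for entries labelled `GRE` or `PPTP control` narrows it to blocks that can affect a PPTP session.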

