Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Does PPTP/GRE limitations still apply to OPNSense / FreeBSD
« previous
next »
Print
Pages: [
1
]
Author
Topic: Does PPTP/GRE limitations still apply to OPNSense / FreeBSD (Read 5367 times)
Kodestuen
Newbie
Posts: 2
Karma: 0
Does PPTP/GRE limitations still apply to OPNSense / FreeBSD
«
on:
March 09, 2017, 08:56:36 pm »
Remember from the pfSense days that PF does not handle GRE and NAT very well.
So my question is, can we still have only one PPTP connection to a server at a time? We have customers were some employees need to connect to the same PPTP endpoint at a time, so it important that this is possible.
Today we use VyOS (Linux) and that handle it just fine, but VyOS harder to maintan for me as it's CLI only.
Best,
Christian
Logged
franco
Administrator
Hero Member
Posts: 17808
Karma: 1631
Re: Does PPTP/GRE limitations still apply to OPNSense / FreeBSD
«
Reply #1 on:
March 11, 2017, 04:11:19 pm »
Hi Christian,
This needs a connection tracker in the OS code. I don't think this was ever added to FreeBSD. Sorry.
The GRE Tunnel does not have a port number, which makes it difficult to police because it would need to be based on its content. "not handle GRE and NAT very well" is a bit misleading therefore -- it's that GRE was chosen and that it operates this way.
Cheers,
Franco
Logged
Kodestuen
Newbie
Posts: 2
Karma: 0
Re: Does PPTP/GRE limitations still apply to OPNSense / FreeBSD
«
Reply #2 on:
March 13, 2017, 01:53:29 pm »
Hi Franco,
thank you very much for the clear answer :-)
Keep up the excellent work!!!
/CU
Logged
godot
Newbie
Posts: 2
Karma: 0
Re: Does PPTP/GRE limitations still apply to OPNSense / FreeBSD
«
Reply #3 on:
March 14, 2017, 11:41:08 am »
Freebsd has the code for nating pptp in the in kernel ipfw nat code.....
https://github.com/freebsd/freebsd/blob/master/sys/netinet/libalias/alias_pptp.c
Possible workaround:
https://forum.pfsense.org/index.php?topic=46172.0
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Does PPTP/GRE limitations still apply to OPNSense / FreeBSD