Friday, November 23, 2007

OpenBSD and PPTP!

It's already been a week now since I started fiddling with my rules, and I just ended up with having 1 client ONLY successfully connect to an external PPTP server. The OpenBSD mailing lists say that it's PPTP's fault, because it's old, but I believe it's a challenge.

We'll see what happens next. Anyway, below are the 2 rules I've come up with that will let PPTP pass through a PF/CARP box (OpenBSD 4.1 tested). Just make sure you pass TCP and GRE traffic.

The given setup blocks everything by default (block in all, block out all):

# Rule Style 1: explicit per-interface rules
# GRE (IP protocol 47) carries the PPTP data channel; it has no ports, so these rules match on addresses only
pass out quick on $ext_if inet proto gre all label "GRE out WAN"
pass in quick on $ext_if inet proto gre all label "GRE in WAN"
pass out quick on $int_if inet proto gre all label "GRE out LAN"
pass in quick on $int_if inet proto gre all label "GRE in LAN"
# PPTP control channel on port 1723 (PPTP itself only uses TCP here; udp is unused but harmless)
pass out quick on $int_if inet proto { tcp, udp } from any to any port 1723
pass in quick on $int_if inet proto { tcp, udp } from any to any port 1723
pass out quick on $ext_if inet proto { tcp, udp } from any to any port 1723
pass in quick on $ext_if inet proto { tcp, udp } from any to any port 1723

# Rule Style 2: minimal rules
# Control channel from the LAN side; the gre rules carry no interface or quick, so they apply on every interface
pass in quick on $int_if inet proto { tcp, udp } from any to any port 1723
pass in inet proto gre from any to any
pass out inet proto gre from any to any
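Both styles above pass GRE and port 1723 from any to any, which is wider than a passthrough needs. The following is an added example (not from the original post) of the same passthrough narrowed to the LAN network and one PPTP server, with the control channel limited to TCP, since PPTP never uses UDP. Interface names, the LAN network and the server address are hypothetical placeholders.

```pf
# Hypothetical macros: adjust to your own interfaces and addresses
ext_if      = "em0"
int_if      = "em1"
lan_net     = "192.168.1.0/24"
pptp_server = "203.0.113.10"      # placeholder, documentation address

# Outbound NAT for the LAN. GRE has no ports, so PF can only key the
# tunnel state on the two IP addresses: one LAN host per PPTP server.
nat on $ext_if inet from $lan_net to any -> ($ext_if)

# Default deny, as in the setup described above
block in log all
block out log all

# PPTP control channel: TCP 1723 only, LAN -> this server
pass in  quick on $int_if inet proto tcp from $lan_net  to $pptp_server port 1723 keep state
pass out quick on $ext_if inet proto tcp from ($ext_if) to $pptp_server port 1723 keep state

# PPTP data channel: GRE restricted to the same tunnel endpoints.
# The return GRE traffic matches the state created by these rules.
pass in  quick on $int_if inet proto gre from $lan_net  to $pptp_server keep state
pass out quick on $ext_if inet proto gre from ($ext_if) to $pptp_server keep state
```

The rules on $ext_if match the post-NAT source address, which is why they use ($ext_if) rather than $lan_net.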

Frickin', this is not a good way to pass PPTP. I guess it can be done in the kernel just like Linux's PPTP passthrough.
