Troubleshooting GRE and PPTP
Multiple Outbound Connections to the Same External PPTP Server
pf cannot track more than one GRE connection per public IP per external host. That is, if you NAT your entire internal network to your WAN public IP, only one internal machine can connect to a given external GRE source at a time. For PPTP, this means only one PC can connect to a given outside PPTP server at a time.
Work-arounds:
- Use 1:1 or outbound NAT with multiple public IPs
- Use the Frickin package (currently not working, is being worked on)
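The limitation and the first work-around can be seen in a toy model of outbound NAT state tracking. This is an added example, not pf source code: it assumes GRE states are keyed only by public IP and external host, as described above, and the class name, function name and all addresses are constructed for illustration.

```python
# Toy model of outbound NAT state tracking (added illustration, not pf source code).
# Assumption: GRE states are keyed by (public IP, remote IP) only, as the text describes.
import itertools

class NatTable:
    def __init__(self, nat_map):
        self.nat_map = nat_map          # internal IP -> public IP (constructed values)
        self.states = {}                # state key -> internal IP that owns it
        self._ports = itertools.count(40000)

    def outbound(self, proto, src, dst, dport=None):
        """Create a state for an outbound flow; return its key, or None on conflict."""
        public = self.nat_map[src]
        if proto == "tcp":
            # Ports make each TCP state unique, so clients can share one public IP.
            key = ("tcp", public, next(self._ports), dst, dport)
        else:
            # GRE carries no ports: one state per public IP per external host.
            key = ("gre", public, dst)
            if self.states.get(key, src) != src:
                return None             # another internal host already owns this pair
        self.states[key] = src
        return key

    def inbound_gre(self, remote, public):
        """Which internal host receives GRE arriving from remote at public?"""
        return self.states.get(("gre", public, remote))

def two_clients(nat_map, server="203.0.113.10"):
    """Two internal PCs dial the same external PPTP server; report each outcome."""
    nat = NatTable(nat_map)
    result = {}
    for pc in sorted(nat_map):
        control = nat.outbound("tcp", pc, server, dport=1723)  # PPTP control channel
        tunnel = nat.outbound("gre", pc, server)               # PPTP data channel
        result[pc] = (control is not None, tunnel is not None)
    return result

# Everything NATed to one WAN address: the second PC's GRE state conflicts.
shared = two_clients({"10.0.0.11": "198.51.100.1", "10.0.0.12": "198.51.100.1"})
# Work-around from the list above: a separate public IP per client.
split = two_clients({"10.0.0.11": "198.51.100.1", "10.0.0.12": "198.51.100.2"})

if __name__ == "__main__":
    print("shared WAN IP:", shared)
    print("one public IP per client:", split)
```

Each result maps an internal PC to a pair (control channel tracked, GRE tunnel tracked).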
Outbound PPTP with PPTP Server Enabled
There is also a pf limitation that stops any outbound PPTP connections from working if the PPTP Server on pfSense is enabled. This is a known issue with no known workaround.
Problems when pfSense is the PPTP Server
Ensure that ALL protocols are being passed on the PPTP Firewall Rule tab
Other tips
- In System -> Advanced, disable the scrubbing feature
Other Alternatives
1. Use OpenVPN (which is much better, has custom routing options, uses standard web ports, oh my)
2. Use IPsec. Can work with CARP.
3. Consider a different firewalling platform
Protocol information
PPTP - http://www.faqs.org/rfcs/rfc2637.html
GRE - http://www.faqs.org/rfcs/rfc1701.html