Troubleshooting GRE and PPTP
Multiple Outbound Connections to the Same External PPTP Server
pf does not have any capabilities of tracking more than one GRE connection per public IP per external host. That is, if you NAT your entire internal network to your WAN public IP, you can only connect one internal machine to a given external GRE source. For PPTP, this means only one PC can connect to an outside PPTP server at a time.
Work-arounds:
- Use 1:1 or outbound NAT with multiple public IP's
- Use the Frickin package (currently not working, is being worked on)
Outbound PPTP with PPTP Server Enabled
Also, there is a pf limitation that stops any outbound PPTP connections from working if the PPTP Server on pfSense is enabled. This is a known issue with no known work around.
Problems when pfSense is the PPTP Server
Ensure that ALL protocols are being passed on the PPTP Firewall Rule tab
Other tips
- In System -> Advanced, disable the scrubbing feature
Other Alternatives
1. Use OpenVPN (which is much better, has custom routing options, uses standard web ports, oh my)
2. Use IPSEC. Can work with CARP.
3. Consider a different firewalling platform
Protocol information
PPTP - http://www.faqs.org/rfcs/rfc2637.html
GRE - http://www.faqs.org/rfcs/rfc1701.html
