Bug #1151
closed
Outgoing pptp Traffic-Flow stops after a while
0%
Description
After bringing up a pptp-connection to a remote network, traffic seems to be blocked after a while, but the tunnelstatus is still up.
I'm using pfsense 2.0 beta5 on my side and different fw on the other
In the Firewall-Log there are some entries with blocked gre traffic, initiated from the remote host.
So I created a rule, permitting inbound gre, but the problem continues, although the log file is fine.
I assume, that the state get lost or something like this, but my understanding of that is very little.
This error is alway occuring when connecting to a pptp-Server behind a Nat-Router.
I connected to another pptp-Server which was running directly on the remote-GW (dont know if NAT is used there, maybe not cause Server is listening on Wan-side)and the connection works well.
Very strange, but I only have this problem when using PFSense.
Any ideas, or suggestions where to start?
Updated by Waldo Nell almost 14 years ago
Please see this thread for additional information - I have the exact same issue: http://forum.pfsense.org/index.php/topic,30890.0.html
Updated by Christian Schwarz almost 14 years ago
Thank you for the link.
Workarround seems to work in my environment, cause I just have one client, needing the pptp connection.
So I can continue, using this wonderful beta.
Greetings from Germany
Updated by Chris Baker almost 14 years ago
2.0BETA5 Built on 1/7/11 still has this problem. My current work around is to do a constant ping to something on the remote network to keep the connection alive.
Updated by Ermal Luçi almost 14 years ago
- Status changed from New to Feedback
Committed a fix just now.
Grab a snapshot from tomorrow and test.
Updated by Chris Baker almost 14 years ago
Just updated to the latest versions the morning of 1/19 and in the afternoon, both versions introduced system lockups so I was unable to test the vpn for stability
Updated by Stefan Pinson almost 14 years ago
I updated on 1/19 as well and my PPTP VPN stability issue seemed to be resolved. But, as Chris stated above, I am having system lockups since the update and have had to do a hard reset on the system twice in the last 24 hours. I have been running the 2.0 Beta for over a month and this is the first time I have ever had to do a hard reset.
Updated by Jim Pingle almost 14 years ago
The lockup issue is likely separate. The forum thread for that is here: http://forum.pfsense.org/index.php/topic,32458.html
Try the suggestions in the thread if you can.
Updated by Ermal Luçi almost 14 years ago
- Status changed from Feedback to Resolved
Updated by Chris Buechler over 13 years ago
yes. if it's marked as resolved, it's resolved.
Updated by George M over 13 years ago
Hmm... I use the RC1 (i386) version and have this problem, that's the reason I asked. The pptp Traffic-Flow stops after a few minutes but when I - for example - send constant pings to a system on the remote network everything is okay.
Updated by George M over 13 years ago
I think the problem is that I use a Bridge between LAN and OPT1. I have 3 interfaces
WAN
LAN
OPT1
The WAN-Interface has of course it's own subnet.
The LAN-Interface shares the subnet with the OPT1-Interfaces via a Bridge, so the OPT1-Interface has no IP-Address only the LAN-Interface.
It's not a problem to reach via PPTP systems on the LAN-Interface, the traffic flow never stops but for systems on the OPT1-Interfaces it's different, I have to create a constant traffic - for example I ping a system behind the OPT-Interface - or the traffic flow stops after a few minutes. I still can reach systems behind the LAN-Interface when the traffic flow to the OPT1 interface stops.
Updated by Chris Buechler over 13 years ago
actually I was wrong, this wasn't fixed in the official RC1 release, it's been in snapshots since early March though.
Updated by George M over 13 years ago
I use now the version '2.0-RC1 (i386) built on Thu May 5 18:22:32 EDT 2011' and it's still the same behavior, the traffic flow stops after a few minutes to the systems on the OPT1 interface. Looks like the bug is still there.