Bug #1336
closed
PPTP VPN NAT on WAN or other external interface
Added by Zeev Zalessky over 13 years ago.
Updated about 13 years ago.
Affected Architecture:
amd64
Description
I have PPTP server on 2.0-RC1 latest build. i have multiple internal and external interfaces.
I have following problems:
1. PPTP Client not receive gateway IP, MASK is 255.255.255.255
2. NAT is not working.
3. tcpdump show wrong checksum errors, for example received checksum is 12AC calculated checksum AC12
Files
- Priority changed from High to Normal
probably not a legit bug there (item 1 is how PPTP works, item 2 is not true and looks like a config problem in your case, item 3 is probably a consequence of how you're capturing traffic). but will leave this here for now until it can be tested.
i tested. NAT is working but some thing wrong with checksum calculation. as i see traffic is dropped by first WAN router because of wrong checksum. checksum calculation not done by NIC (Disable hardware checksum offload
is checked).
Hi,
Just installed second server with same version but i386 and not amd64 and this problem not exists. so, need to check the problem with PPTP VPN client (Windows 7 32bit),PPTP server on pfSense 2.0 RC1 amd64 and multi-wan NAT. according to packet capture all packets that come from pptp to wan are with bad checksum. i'll add packet capture later.
Yes,I also encountered the same problem.
My Test environment Attachment Page1.jpg
1. Wan2 Rules: Open WAN2 Port GRE and PPTP Service port.
2. 1:1 NAT mapping 1 public ip to PPTP server ip(192.168.1.200)
3. Lan and Lan2 Rules: proto(any),source/port(any),destination/port(any),gateway(default)
Test Results(Page02.jpg)
A. 1.2.3 release: Ok!!, User vpn to pptp server is OK and More networks at the same time possible.
B. 2.0 RC1: Error, User vpn to pptp server is ok but when use till 30 to 180 seconds after the Internet will not and can not ping to the pptp server and Lan2 gateway. If the Test User move Lan2, it can connet the normal Internet.
I am unable to get the most modern 2.0 RC1 amd64 build to route PPTP VPN traffic to the web. Version 1.2.3 works fine. I assume this is part of this issue. I did not test 2.0 RC1 i386 but I assume it has the same issue.
I should also mention, I do not have multi-WAN setup. So this issue does not appear to be limited to multi-WAN setups.
The problem is related to 64 bit only.
I use pfSense 2.0 RC1 i386 with multi-WAN in my production environment, I meet the same issue. Is there any solution for this issue? Any suggestion will be appreciated
the problem caused by removing pptp patch by Eric at 16/3. you cansolve route problem at 32 bit version by using version before 16/3 or by building private build with pptp patch. 64 bit version has problem with checksum calculation
I have setup multiple PPTP servers on i386 within the last week, and it worked fine, including NAT out to the Internet.
On amd64 however I can confirm that the checksums are bad, they appear to be byte swapped.
Wireshark shows:
Header checksum: 0x6181 [incorrect, should be 0x8161]
I can confirm Jim P's analysis. On VMWare, i386 works fine, amd64 does not.
- Status changed from New to Feedback
It works for me with Ermal's patch directly applied. Once snapshots with this fix are uploaded, others can test.
- Status changed from Feedback to New
Switching this back to New since the patch had to be backed out for now - it appears to have been negatively impacting pppoe on amd64.
- Status changed from New to Closed
this is the same as #1107, closing in favor of that one.
Test 2.0-Release This problem has been resolved.
Thank you pfsense team effort.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
