I'm trying to connect a Windows XP SP2 (yes, I know) box to a Win2k
Server using PPTP across two firewalls, i.e.

Logical layout
[Win XP] ---- IP/1723 GRE(47) ----> [Firewall 1] ----- Internet ---- [Firewall 2] ------> [Win2k PPTP endpoint]

Now, for my first test, Firewall 1 was a Linux 2.6.10 (Ubuntu 5.04)
box, and Firewall 2 was 3.7-current from last month.

As you can see, the newly OBSD FW1 is allowing the same traffic out as
the Linux box; however, for some reason FW2 no longer correctly tracks
the state of the GRE service, instead seeing it as a new connection
and dropping the packets.

Has anyone any clue why this is happening?

PPTP needs application-specific knowledge to NAT the packets correctly (IP addresses are carried in the protocol data). afaik most other OS do this in-kernel, but OpenBSD takes a different approach for this type of thing (cf ftp-proxy).

You could try <http://www.placid.tv/pie.php?page=FrickinPPTP>...

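To illustrate the "application-specific knowledge" point, here is an added example (not part of the thread and not how pf or any particular helper is implemented) of what a PPTP-aware tracker has to read according to RFC 2637: the Call IDs negotiated on the TCP/1723 control channel, which are the only session identifier in the enhanced GRE header, since GRE has no ports. The `CallTracker` class and the sample bytes are constructed for the illustration.

```python
import struct

PPTP_MAGIC = 0x1A2B3C4D                   # RFC 2637 magic cookie
OUT_CALL_REQUEST, OUT_CALL_REPLY = 7, 8   # control message types
GRE_PROTO_PPP = 0x880B                    # protocol type of PPTP's enhanced GRE


def parse_control(data):
    """Return (control_type, call_id, peer_call_id) for one control message."""
    if len(data) < 16:
        raise ValueError("short PPTP control message")
    _len, msg_type, magic, ctrl_type, _ = struct.unpack("!HHIHH", data[:12])
    if msg_type != 1 or magic != PPTP_MAGIC:
        raise ValueError("not a PPTP control message")
    call_id, second = struct.unpack("!HH", data[12:16])
    if ctrl_type == OUT_CALL_REQUEST:
        return ctrl_type, call_id, None    # second field is the call serial
    if ctrl_type == OUT_CALL_REPLY:
        return ctrl_type, call_id, second  # second field is the peer's Call ID
    return ctrl_type, None, None


def gre_call_id(data):
    """Return the Call ID of an enhanced GRE (version 1) packet, else None."""
    if len(data) < 8:
        return None
    flags, ver, proto, _plen, call_id = struct.unpack("!BBHHH", data[:8])
    if not (flags & 0x20) or (ver & 0x07) != 1 or proto != GRE_PROTO_PPP:
        return None                        # key bit, version and type must match
    return call_id


class CallTracker:
    """Hypothetical tracker: learns Call IDs on TCP/1723, classifies GRE."""
    def __init__(self):
        self.calls = set()

    def control(self, data):
        _, call_id, peer = parse_control(data)
        self.calls.update(i for i in (call_id, peer) if i is not None)

    def gre_expected(self, data):
        return gre_call_id(data) in self.calls

# Constructed sample messages (not captured traffic).
REQUEST = struct.pack("!HHIHHHH", 168, 1, PPTP_MAGIC, 7, 0, 0x4000, 1) + bytes(152)
REPLY = struct.pack("!HHIHHHH", 32, 1, PPTP_MAGIC, 8, 0, 0x0123, 0x4000) + bytes(16)
GRE_OK = struct.pack("!BBHHHI", 0x30, 1, GRE_PROTO_PPP, 4, 0x0123, 0) + b"\xff\x03\xc0\x21"
GRE_STRAY = struct.pack("!BBHHHI", 0x30, 1, GRE_PROTO_PPP, 4, 0x9999, 0) + b"\xff\x03\xc0\x21"
```

A GRE packet seen before the tracker has processed the control exchange has no matching Call ID, which is the situation a firewall without such a helper is always in.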