On Thu, May 22, 2008 at 6:43 PM, Joshua Schmidlkofer <[EMAIL PROTECTED]> wrote:
> I have pfSense 1.2-release on a multi-LAN box.  We have 9 interfaces with
> six active.  Only a single WAN, all the rest are used with dedicated leased
> lines.  We have IPsec in tunnel mode for several remote offices as well.
> We added PPTP services, via the internal PPTP server, however we aren't able
> to get any traffic through.
>
> First I thought it was the firewall, but now I have an any/any/any rule at
> the top of the PPTP, and still nothing.  Finally I tried tcpdump.
>
> Here is an ssh connection failing:
> # tcpdump -ni ng1
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on ng1, link-type NULL (BSD loopback), capture size 96 bytes
> 15:12:37.823031 IP 10.1.1.176.58098 > 10.1.1.20.22: S
> 3867494987:3867494987(0) win 65535 <mss 1404,nop,wscale 3,nop,nop,timestamp
> 131517934 0,sackOK,eol>
> 15:12:38.729693 IP 10.1.1.176.58098 > 10.1.1.20.22: S
> 3867494987:3867494987(0) win 65535 <mss 1404,nop,wscale 3,nop,nop,timestamp
> 131517943 0,sackOK,eol>
> 15:12:39.729283 IP 10.1.1.176.58098 > 10.1.1.20.22: S
> 3867494987:3867494987(0) win 65535 <mss 1404,nop,wscale 3,nop,nop,timestamp
> 131517953 0,sackOK,eol>
>
> Here is tcpdump, watching the host 10.1.1.176
>
> # tcpdump -ni bge0 host 10.1.1.176
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on bge0, link-type EN10MB (Ethernet), capture size 96 bytes
> 15:12:57.760347 arp who-has 10.1.1.176 tell 10.1.1.20
> 15:12:58.760071 arp who-has 10.1.1.176 tell 10.1.1.20
> 15:13:12.778768 IP 10.1.1.176.58098 > 10.1.1.20.22: S
> 3867494987:3867494987(0) win 65535 <mss 1404,sackOK,eol>
> 15:13:12.780033 arp who-has 10.1.1.176 tell 10.1.1.20
> 15:13:13.780625 arp who-has 10.1.1.176 tell 10.1.1.20
> 15:13:14.780454 arp who-has 10.1.1.176 tell 10.1.1.20
>
> ---
>
> This looks to me like we aren't actually arping for 10.1.1.176.  Can anyone
> offer advice?
>

pfSense will proxy ARP for PPTP clients. If that were broken we
definitely would have heard about it countless times by now. How do
you have the PPTP server set up?
