PPTP NAT passthrough

Szél Gábor Tue, 25 Feb 2020 12:08:52 -0800

Dear @misc

Our customer need more parallel outgoing PPTP session.

I know PPTP is no security VPN, but our client not have any options.(our customer remote partner accept only PPTP VPN ...)

OpenBSD PF can't use parallel PPTP session. First session is NAT-ed, butsecond session is broken.

I know OpenBSD not supported PPTP NAT passthrough.

I found two, very old PPTP proxy for openbsd:

 * https://github.com/crvv/pptp-proxy
   This is ftp-proxy fork(?)
 * https://sourceforge.net/projects/frickin/

frickin 1.x working only fix remote PPTP address, not good for me.
frickin 2.x (beta) not compiled on oBSD 6.6.

pptp-proxy is compiled, and started, but not working.
We tested very simple pf.conf (NAT, and some rules)

pass in quick log on $int_if proto gre from any to ! $int_if:0 rdr-to127.0.0.1pass in quick log on $int_if proto tcp from any to ! $int_if:0 port 1723rdr-to 127.0.0.1 port 2317


pptp-proxy is accepted session, but not working.
(in tcpdump only 2 outgoing, 1 inbound packet found)

Does anyone know a working solution for PPTP NAT passthrough?

In openbsd based securityrouter.org firewall a found PPTP-Proxy support:
https://securityrouter.org/wiki/Comparison
But I don't know what to use.

--
Üdvözlettel,
Szél Gábor

WanTax Kft.
------------
tel.: +36 20 3838 171
fax: +36 82 357 585
email: gabor.s...@wantax.hu
web: http://wantax.hu
web: http://halozatom.hu

PPTP NAT passthrough

Reply via email to