Transparent bridge + PF + VPN + GRE Protocol

2010-08-31 Thread kevin
Hello,

I am attempting to set up a PPTP VPN on a client machine that is behind a
transparent bridged FreeBSD 8.0-RELEASE PF firewall:

FreeBSD xx-xx 8.0-RELEASE-p4 FreeBSD 8.0-RELEASE-p4 #11: Wed Aug 18 07:10:10 EDT 2010

My preliminary pf.conf directives simply pass in quick and pass out quick
proto gre. Unfortunately it appears as though packets are being dropped at
the firewall level for said protocol.

I'd like to appeal to the collective experience here in the hopes that
someone may have a similar environment where PF + GRE + PPTP are working.

Please let me know if any additional information is required.

Thanks,

Kevin

___
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"


Performance problem w/pf using reply-to on FreeBSD 8.1

2010-08-31 Thread Kevin Way
After upgrading to 8.1, I'm having a severe performance problem that's
throttling connections down to about 5kb/sec.  The same configuration works
flawlessly on 8.0.  The rest of the ruleset works fine; our problem is just
with this one line.


(uname -a)
FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010
r...@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64


(pf.conf)

jailhost_if="vlan34"
jailhost_gateway="10.11.34.1"
jailhost_network="10.11.34.0/24"
pass in quick on $jailhost_if reply-to ($jailhost_if $jailhost_gateway) \
  from !$jailhost_network to $jailhost_network keep state label "Jailhost inbound"


(what happens almost instantly after a connection is initiated)

# pfctl -vvsl | grep "Jailhost inbound"
Jailhost inbound 35734 269954511 408697347239 134975646 10797967079 134978865 397899380160

Any help would be greatly appreciated.

Regards,
Kevin Way
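An added example, not part of the thread: a small shell/awk helper that names the seven counters in a `pfctl -vvsl` label line like the one posted above and checks that the per-direction counters add up to the totals. It assumes the field order documented for `-s labels` in pfctl(8) (evaluations, packets total, bytes total, packets in, bytes in, packets out, bytes out); the function name `label_stats` and the output format are made up for this illustration.

```shell
#!/bin/sh
# Counter line copied from the post above (rejoined onto one line).
SAMPLE='Jailhost inbound 35734 269954511 408697347239 134975646 10797967079 134978865 397899380160'

# label_stats: read `pfctl -vvsl` label lines on stdin and print, per label:
#   label|evals=N|totals=consistent/MISMATCH|pkts_per_eval=N|avg_in=N|avg_out=N
# avg_in / avg_out are average bytes per packet in each direction.
label_stats() {
    awk '
    NF >= 8 {
        n = NF
        # A label may contain spaces ("Jailhost inbound"), so the seven
        # counters are taken from the right-hand end of the line.
        for (i = n - 6; i <= n; i++)
            if ($i !~ /^[0-9]+$/) next      # not a counter line, skip it

        evals = $(n-6) + 0
        pkts  = $(n-5) + 0;  bytes = $(n-4) + 0
        pin   = $(n-3) + 0;  bin   = $(n-2) + 0
        pout  = $(n-1) + 0;  bout  = $n + 0

        # Everything left of the counters is the label text.
        label = $1
        for (i = 2; i <= n - 7; i++) label = label " " $i

        # Per-direction counters must sum to the totals; a mismatch means
        # the line was truncated or the field order assumption is wrong.
        ok = (pin + pout == pkts && bin + bout == bytes) ? "consistent" : "MISMATCH"

        printf "%s|evals=%s|totals=%s|pkts_per_eval=%.0f|avg_in=%.0f|avg_out=%.0f\n",
            label, $(n-6), ok,
            (evals ? pkts / evals : 0),
            (pin   ? bin  / pin   : 0),
            (pout  ? bout / pout  : 0)
    }'
}

# Stand-alone run on the sample; on a live firewall: pfctl -vvsl | label_stats
printf '%s\n' "$SAMPLE" | label_stats
```
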