Re: OpenBSD 3.3 and MS PPTP

[Marco Peereboom <slash@peereboom.us>]

That's because in the past you had to. This is well documeted in the archives 
so:

Keyword: MSPPTP MS-PPTP MS PPTP GRE ESP PF OpenBSD 3.2 3.3

Desc: As of OpenBSD 3.2 one does *NOT* have to recompile the kernel to 
pass-through GRE while using PF.

Example (excerpt from my firewall that allows MSPPTP out):
# Explicitly allow GRE connections out or the stoopid MS PPTP will not make it 
out to the internet
pass out on $ExtIF inet proto tcp  all flags S/SAFR keep state
pass out on $ExtIF inet proto udp  all            keep state
pass out on $ExtIF inet proto icmp all            keep state
pass out on $ExtIF inet proto esp  all            keep state
pass out on $ExtIF inet proto gre  all            keep state

Let's hope this catches some searchers :-)

 On Tuesday 24 June 2003 07:19, Jason Dixon wrote:
> On Tue, 2003-06-24 at 08:15, Matthias Schießl wrote:
> > There are a lot of forumthreads where they talk about recompiling the
> > kernel without the pseudo-device gre 1 # GRE encapsulation interface for
> > OpenBSD 3.3.
> 
> I wish folks would stop thinking they need to recompile the kernel for
> gre.  The GENERIC kernel comes with gre support.
> 
> -bash-2.05b# grep gre /etc/sysctl.conf
> net.inet.gre.allow=1 
> 
> man 4 gre
> 
> -J.
> 
> 
> > -----Ursprüngliche Nachricht-----
> > Von: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org] Im Auftrag
> > von Olivier Cherrier
> > Gesendet: Dienstag, 24. Juni 2003 14:10
> > An: Matthias Schießl
> > Cc: misc@openbsd.org
> > Betreff: Re: OpenBSD 3.3 and MS PPTP
> > 
> > 
> > On Tue, Jun 24, 2003 at 11:53:27AM +0200, MSC@CONDITION.DE wrote:
> > > 
> > > Hi iam trying to get OpenBSD 3.3 working with MS PPTP but it seems 
> > > that the pf cant route the gre packets. Does anyone knows what iam 
> > > doing wrong.
> > 
> > PF is GRE capable since Feb. 2002.
> > So, it is a problem in your config.
> -- 
> Jason Dixon, RHCE
> DixonGroup Consulting
> http://www.dixongroup.net