[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenBSD 3.3 and MS PPTP

To: misc@openbsd.org
Subject: Re: OpenBSD 3.3 and MS PPTP
From: Jason Dixon <jason@dixongroup.net>
Date: 24 Jun 2003 08:41:44 -0400
Organization: DixonGroup Consulting
References: <3D8A01422C35C34B83031F6B9FCB698D0316D5@server.local.condition.de> <1056457152.2744.2.camel@lappy.fuzzypenguin.net> <200306240946.08445.slash@peereboom.us>

On Tue, 2003-06-24 at 10:46, Marco Peereboom wrote:
> That's because in the past you had to. This is well documeted in the archives 
> so:

No kidding, but we're not talking about the past.  We're talking about
3.3.  Guess what, we also had IPF in the past... that's not particularly
relevant to the discussion either, now is it?

> Desc: As of OpenBSD 3.2 one does *NOT* have to recompile the kernel to 
> pass-through GRE while using PF.

Thank you for proving my point.

> Example (excerpt from my firewall that allows MSPPTP out):
> # Explicitly allow GRE connections out or the stoopid MS PPTP will not make it 
> out to the internet
> pass out on $ExtIF inet proto tcp  all flags S/SAFR keep state
> pass out on $ExtIF inet proto udp  all            keep state
> pass out on $ExtIF inet proto icmp all            keep state
> pass out on $ExtIF inet proto esp  all            keep state
> pass out on $ExtIF inet proto gre  all            keep state
> 
> Let's hope this catches some searchers :-)

I doubt it.  This is covered on the list on a weekly basis.

-J.

>  On Tuesday 24 June 2003 07:19, Jason Dixon wrote:
> > On Tue, 2003-06-24 at 08:15, Matthias Schießl wrote:
> > > There are a lot of forumthreads where they talk about recompiling the
> > > kernel without the pseudo-device gre 1 # GRE encapsulation interface for
> > > OpenBSD 3.3.
> > 
> > I wish folks would stop thinking they need to recompile the kernel for
> > gre.  The GENERIC kernel comes with gre support.
> > 
> > -bash-2.05b# grep gre /etc/sysctl.conf
> > net.inet.gre.allow=1 
> > 
> > man 4 gre
> > 
> > -J.
> > 
> > 
> > > -----Ursprüngliche Nachricht-----
> > > Von: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org] Im Auftrag
> > > von Olivier Cherrier
> > > Gesendet: Dienstag, 24. Juni 2003 14:10
> > > An: Matthias Schießl
> > > Cc: misc@openbsd.org
> > > Betreff: Re: OpenBSD 3.3 and MS PPTP
> > > 
> > > 
> > > On Tue, Jun 24, 2003 at 11:53:27AM +0200, MSC@CONDITION.DE wrote:
> > > > 
> > > > Hi iam trying to get OpenBSD 3.3 working with MS PPTP but it seems 
> > > > that the pf cant route the gre packets. Does anyone knows what iam 
> > > > doing wrong.
> > > 
> > > PF is GRE capable since Feb. 2002.
> > > So, it is a problem in your config.
> > -- 
> > Jason Dixon, RHCE
> > DixonGroup Consulting
> > http://www.dixongroup.net
> > 
> > 
> 
-- 
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net

References:
- Re: OpenBSD 3.3 and MS PPTP
  - From: Matthias Schießl <msc@condition.de>
- Re: OpenBSD 3.3 and MS PPTP
  - From: Jason Dixon <jason@dixongroup.net>
- Re: OpenBSD 3.3 and MS PPTP
  - From: Marco Peereboom <slash@peereboom.us>

Prev by Date: Re: OpenBSD 3.3 and MS PPTP
Next by Date: opportunities
Prev by thread: Re: OpenBSD 3.3 and MS PPTP
Next by thread: Re: OpenBSD 3.3 and MS PPTP
Index(es):
- Date
- Thread