If you can, change to a different type of VPN. Not because of the storm, but because PPTP has been broken security-wise. Good results have been achieved with OpenVPN.
On Thu, Jan 31, 2013 at 11:56 PM, R0me0 *** <[email protected]> wrote:
> Hello misc,
>
> I have the following situation:
>
>
> WAN ------OBSD-------LAN
>            |
>            |__DMZ---- 192.168.1.0/24 ---Windows 2003 - RRAS --
> 10.20.30.x/27- VPN IP's CLIENT
>
>
> Clients connect to the RRAS server, and pf filters traffic from VPN clients to
> LAN services.
>
> The problem is: when VPN clients die, PF keeps the state of the connections and I have
> a storm of TCP packets with the PSH flag or RST, and bandwidth traffic
> increases incredibly.
>
> When the storm occurs, if I execute 'pfctl -k 10.20.30.7', for example, the storm
> stops instantly.
>
> I'm searching for incidents, but I have found nothing.
>
> Could someone show me the correct direction to solve this issue?
>
> Regards,
>
>

--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse

