In future I will migrate, but for now, i need solve this issue. I' ve tried to change tcp.closed and tcp.closing timeout but without success.
Thanks for replies. Any tips will be apprecited, Regards 2013/1/31 Aaron Mason <[email protected]> > If you can, change to a different type of VPN. Not because of the storm, > but because PPTP has been broken security-wise. Good results have been > achieved with OpenVPN. > > > On Thu, Jan 31, 2013 at 11:56 PM, R0me0 *** <[email protected]> wrote: > >> Hello misc, >> >> I've the follow situation: >> >> >> WAN ------OBSD-------LAN >> | >> |__DMZ---- 192.168.1.0/24 ---Windows 2003 - RRAS -- >> 10.20.30.x/27- VPN IP's CLIENT >> >> >> Clients connect to RRAS server and pf, filter traffic from VPN clients to >> LAN services. >> >> The problem is: when vpn clients die, PF keep state of connections and >> I've >> a storm of tcp packets with PSH flag or RST , and bandwidth traffic >> increase incredibly. >> >> when storm occurs, if executed : 'pfctl -k 10.20.30.7' , by example, storm >> stop instantly. >> >> I'm searching by incidentes, but i no founded nothing. >> >> Someone would could show me a correct direction to solve this issue ? >> >> Regards, >> >> > > > -- > Aaron Mason - Programmer, open source addict > I've taken my software vows - for beta or for worse
