Lars, thanks for the reply. As for the pptp implementation, I just wanted to make PF do this (pass-through) like what other packet filtering (iptables, even PIX) can do. I know how unsafe this implementation is, but the site where we are currently getting this pptp connection to is an old branch office and I don't manage their network. They are moving to the new facility where I have my pf firewalls in place; they need this pptp pass-through during transition. As soon as everybody is moved here we can easily let this pptp go. On the other side of things it would be nice to make PF do this pptp pass-through; it makes pf more of an over-all packet filter that can basically do "anything"
and personally .. it may sound like a joke here but .. with all of pf's features .. I kinda envy crappy routers like LINKSYS that can do PPTP pass-through and our beloved pf(4) can't

-b

On Nov 20, 2007 12:51 AM, Lars Noodin <[EMAIL PROTECTED]> wrote:
> Beavis wrote:
> > ... I'm trying to run multiple pptp
> > connections behind my 2 PF/carp firewalls. ...
>
> You should not be using PPTP. You have your choice, IPsec with
> encryption or SSL with encryption:
> http://www.vpnc.org/vpn-standards.html
>
> Allowing PPTP inside your LAN is to encourage use of insecure methods
> and technologies that *cannot* be secured.
>
> You've got to move to IPsec sometime, why not now?
>
> If you are dealing with Apple, it may be helpful to reference earlier
> bug reports regarding that serious security flaw. I myself filed
> problem ID #5517198, but that is marked as a duplicate of #4316417.
>
> We'll see if they can be assed to fix the gaping holes in the system.
>
> Regards,
> -Lars