check if PPTP/GRE packets are being filtered from Toronto office?

RESOLVED FIXED

Status

Infrastructure & Operations
NetOps: Office ACL Requests
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: vlad, Assigned: XioNoX)

Tracking

Details

I'm trying to make a connection to a PPTP VPN from my computer in the Toronto office (connected via ethernet, not wireless).  I've never been able to successfully connect, either from my desktop or my phone.  The connection authenticates fine, but then drops saying that the connection could not be established. (Note that I can connect to the VPN fine from most other locations, including over the cell phone network.)

The VPN uses GRE protocol packets for tunneling (IP protocol 47) -- are we perhaps filtering GRE packets at the firewall?  That's what it seems like, given that the initial connection and auth on port 1723 works fine.  If so, can we disable that filtering?

Thanks!
(Assignee)

Updated

3 years ago
Assignee: network-operations → arzhel
(Assignee)

Comment 1

3 years ago
That is due to persistent NAT not playing well with GRE, we don't filter anything.

I "disabled" persistent NAT for GRE, please reopen if you're still experiencing the issue.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Ah ha! Cool, will give it a shot when I'm in the office next (offsite meetings atm).  Thanks!
You need to log in before you can comment on or make changes to this bug.