SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0002253: Firewall not passing GRE packets - MantisBT
MantisBT - Endian Firewall
View Issue Details
0002253Endian FirewallFirewall (iptables)public2009-10-08 13:342010-09-23 15:30
taiello 
 
normalblockalways
acknowledgedopen 
2.2 
 
0002253: Firewall not passing GRE packets
I have two rules set up - one to pass tcp 1723 and another to pass Protocol 47 GRE to a single server running RRAS. Endian is not allowing GRE packets through to the server. I have confirmed this with the MS utilities pptpsrv and pptpclnt. The test makes a connection over 1723 but cannot get any packets to pass with GRE.

ANY suggestions would be greatly appreciated. I don't want to re-do the fireall with IPcop or Smoothwall at this point but we need PPTP VPN availability.

Am I missing something?
No tags attached.
duplicate of 0002991closed  PPTP VPN Port Forwarding is not working 
Issue History
2009-10-08 13:34taielloNew Issue
2009-10-08 13:34taielloAssigned To => peter-endian
2009-10-08 14:27peter-endianNote Added: 0003084
2009-10-08 14:27peter-endianAssigned Topeter-endian =>
2009-10-08 14:27peter-endianStatusnew => feedback
2009-10-08 14:29taielloNote Added: 0003085
2009-10-23 01:26sifi986Note Added: 0003136
2009-10-29 16:57peter-endianNote Added: 0003181
2009-10-29 17:01taielloNote Added: 0003182
2009-10-29 17:08luca-endianNote Added: 0003183
2009-11-09 05:49sifi986Note Added: 0003267
2009-11-09 06:20sifi986Note Deleted: 0003267
2009-11-09 08:46luca-endianNote Added: 0003268
2009-11-12 18:03taielloNote Added: 0003300
2009-12-03 15:19taielloNote Added: 0003508
2010-09-23 15:30peter-endianRelationship addedduplicate of 0002991
2010-09-23 15:30peter-endianStatusfeedback => acknowledged

Notes
(0003084)
peter-endian   
2009-10-08 14:27   
is t his a port forward or are you connecting from green to a pptp server in red?
(0003085)
taiello   
2009-10-08 14:29   
Sorry - this is a port forward from red to green.
(0003136)
sifi986   
2009-10-23 01:26   
I also can confirm this problem on two seperate EFW2.2 firewalls.
I have the same two rules setup on EFW 2.2. To port forward from internet (red) to lan (green) for a pptp server on green, TCP 1723 and GRE and am unable to authenticate/connect due to GRE packets not passing to server via EFW firewall.
(0003181)
peter-endian   
2009-10-29 16:57   
can anyone confirm this issue also for 2.3?
(0003182)
taiello   
2009-10-29 17:01   
I can. After my 2.2 experience I went to 2.3 which did work for a while (a day) but has since stopped.

Interestingly, I use 2.2 on my personal home network and the VPN works fine so I'm not sure what the deal is here. I'm going to mount an ISA server as a test to make sure it's not provider related.
(0003183)
luca-endian   
2009-10-29 17:08   
modem/router related is more likely than provider related IMHO
(0003268)
luca-endian   
2009-11-09 08:46   
How are configured the two uplinks? In bridge mode?
Are the two modems/routers identical?
(0003300)
taiello   
2009-11-12 18:03   
The uplinks are default - I haven't changed anything there since install. How do I check what mode they are in?

The two modems/routers are not identical but I know that both ISP services are wide open to each firewall.
(0003508)
taiello   
2009-12-03 15:19   
I thought I had it figured out by adding the GRE rule to the "System Access" section in Firewall. It worked for about 12 hours and then stopped working.