[pptp-server] Masquerading Clients in openbsd

[Jorge Santos]

Hi list

I´m having trouble masquerading a winXP pptp client that is being a
openbsd firewall. The client connects to a poptop server ona linux
machine.

The trouble is that when the firewall is rebooted, the client connects
fine, but after a few random connection it starts giving me a 619 error

My kernel is compiled without the gre support. With gre support i didn't
even ever suceeded.

Here´s the tcpdump when the connection fails:

tcpdump: listening on rl0
08:55:58.123815 a212-113-183-19.netcabo.pt.52496 > xxx.xxx.xxx.xxx.1723:
S 3593451616:3593451616(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
08:55:58.213119 xxx.xxx.xxx.xxx.1723 > a212-113-183-19.netcabo.pt.52496:
S 3685148651:3685148651(0) ack 3593451617 win 5840 <mss
1460,nop,nop,sackOK> (DF)
08:55:58.213390 a212-113-183-19.netcabo.pt.52496 > xxx.xxx.xxx.xxx.1723:
P 1:157(156) ack 1 win 64240 (DF)
08:55:58.237934 xxx.xxx.xxx.xxx.1723 > a212-113-183-19.netcabo.pt.52496:
. ack 157 win 5840 (DF)
08:55:58.245415 xxx.xxx.xxx.xxx.1723 > a212-113-183-19.netcabo.pt.52496:
P 1:157(156) ack 157 win 5840 (DF)
08:55:58.245673 a212-113-183-19.netcabo.pt.52496 > xxx.xxx.xxx.xxx.1723:
P 157:325(168) ack 157 win 64084 (DF)
08:55:58.275667 xxx.xxx.xxx.xxx.1723 > a212-113-183-19.netcabo.pt.52496:
P 157:189(32) ack 325 win 6432 (DF)
08:55:58.280336 a212-113-183-19.netcabo.pt.52496 > xxx.xxx.xxx.xxx.1723:
P 325:349(24) ack 189 win 64052 (DF)
08:55:58.286304 gre-proto-0x880B (gre encap)
08:55:58.304705 gre-proto-0x880B (gre encap)
08:55:58.304742 a212-113-183-19.netcabo.pt > xxx.xxx.xxx.xxx: icmp:
a212-113-183-19.netcabo.pt protocol 47 unreachable
08:55:58.311146 gre-proto-0x880B (gre encap)
08:55:58.311169 a212-113-183-19.netcabo.pt > xxx.xxx.xxx.xxx: icmp:
a212-113-183-19.netcabo.pt protocol 47 unreachable
08:55:58.312258 [|gre] (gre encap)
08:55:58.312281 a212-113-183-19.netcabo.pt > xxx.xxx.xxx.xxx: icmp:
a212-113-183-19.netcabo.pt protocol 47 unreachable
08:55:58.325926 xxx.xxx.xxx.xxx.1723 > a212-113-183-19.netcabo.pt.52496:
F 189:189(0) ack 349 win 6432 (DF)
08:55:58.326162 a212-113-183-19.netcabo.pt.52496 > xxx.xxx.xxx.xxx.1723:
F 349:349(0) ack 190 win 64052 (DF)
08:55:58.356192 xxx.xxx.xxx.xxx.1723 > a212-113-183-19.netcabo.pt.52496:
. ack 350 win 6432 (DF)
08:55:58.410520 a212-113-183-19.netcabo.pt.3817 > ns2.tvcabo.pt.domain:
45311+ PTR? 4.136.54.212.in-addr.arpa. (43)
08:55:58.456269 ns2.tvcabo.pt.domain > a212-113-183-19.netcabo.pt.3817:
45311 NXDomain* 0/1/0 (98)
08:55:58.456935 a212-113-183-19.netcabo.pt.36745 > ns2.tvcabo.pt.domain:
43852+ PTR? 19.183.113.212.in-addr.arpa. (45)
08:55:58.464388 ns2.tvcabo.pt.domain > a212-113-183-19.netcabo.pt.36745:
43852* 1/0/0 (85)
08:55:59.460441 a212-113-183-19.netcabo.pt.13943 > ns2.tvcabo.pt.domain:
43256+ PTR? 226.161.113.212.in-addr.arpa. (46)
08:55:59.467564 ns2.tvcabo.pt.domain > a212-113-183-19.netcabo.pt.13943:
43256* 1/0/0 (73)
^C
24 packets received by filter
0 packets dropped by kernel


Can you help me figure it out?

Thanks in advance