PPTP Troubleshooting

Warning

PPTP is no longer considered a secure VPN technology because it relies upon MS-CHAPv2, which has been compromised. If you continue to use PPTP, be aware that intercepted traffic can be decrypted by a third party, so it should be considered unencrypted. We advise migrating to another VPN type such as OpenVPN or IPsec.

More information on this can be found at:

As the above warning states, PPTP should no longer be used: its encryption is completely broken, it provides no real security, and it has a long history of trouble as a VPN.

Other Alternatives

  1. Use OpenVPN
  2. Use IPsec
  3. Use another VPN type
  4. Consider a different VPN type on another platform

Troubleshooting GRE and PPTP

Multiple Outbound Connections to the Same External PPTP Server

pf cannot track more than one GRE connection per public IP per external host. That is, if the entire internal network is NATed to the same public WAN IP, only one internal machine can connect to a given external GRE source. For PPTP, this means only one PC can connect to a given outside PPTP server at a time.

Work-arounds:

  • Use 1:1 or outbound NAT with multiple public IPs
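
The limitation and the work-around above can be checked against a planned NAT layout before users hit it. The following is an added example, not part of the original page or of pfSense: a small model that keys each GRE flow on (public IP, external host) as described above and reports which internal clients would collide. The function names and all addresses are constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample data (documentation address ranges), not from the page.
# Each tuple: (internal client, public IP it is NATed to, external PPTP server)
SHARED_WAN = [
    ("192.168.1.10", "203.0.113.5", "198.51.100.7"),
    ("192.168.1.11", "203.0.113.5", "198.51.100.7"),   # same server, same WAN IP
    ("192.168.1.12", "203.0.113.5", "198.51.100.99"),  # different server: fine
]
ONE_TO_ONE = [
    ("192.168.1.10", "203.0.113.5", "198.51.100.7"),
    ("192.168.1.11", "203.0.113.6", "198.51.100.7"),   # has its own public IP
    ("192.168.1.12", "203.0.113.5", "198.51.100.99"),
]

def _sort_key(addr):
    """Order addresses numerically, IPv4 before IPv6."""
    ip = ip_address(addr)
    return (ip.version, int(ip))

def gre_conflicts(flows):
    """Return {(public_ip, server): [internal clients]} for every pair that
    more than one internal client would need at the same time.

    The model keys a GRE flow on (public IP, external host) only, which is
    the tracking granularity the text attributes to pf."""
    by_key = defaultdict(set)
    for internal, public, server in flows:
        # ip_address() validates each value, so a mistyped address raises
        # ValueError instead of silently forming a separate key.
        key = (str(ip_address(public)), str(ip_address(server)))
        by_key[key].add(str(ip_address(internal)))
    return {k: sorted(v, key=_sort_key) for k, v in by_key.items() if len(v) > 1}

def report(name, flows):
    """Print one line per conflicting (public IP, server) pair."""
    conflicts = gre_conflicts(flows)
    if not conflicts:
        print(f"{name}: no GRE conflicts")
    for (public, server), clients in conflicts.items():
        print(f"{name}: {', '.join(clients)} share {public} -> {server}; "
              "only one PPTP session can pass at a time")

if __name__ == "__main__":
    report("shared WAN IP", SHARED_WAN)
    report("1:1 NAT", ONE_TO_ONE)
```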

Other tips

  • In System > Advanced, on the Firewall/NAT tab, check Disable Firewall Scrub.