Journal brlancer's Journal: PPTP through IPFW

I had to configure outbound PPTP access this week, and my base IPFW ruleset didn't allow it. I found one page with mostly good information, but it wasn't 100% and didn't explain it clearly enough for me to extrapolate what I needed.

To get a PPTP VPN outbound working, you need to allow TCP service PPTP (port 1723) and GRE inbound and outbound from/to the client/server IPs, plus allow outbound from the external IP of the firewall. So here you go:

#
# fwcmd - "ipfw" with options
# oip - external ip of the firewall
# oif - external interface of the firewall
# vpnserv - ip of the VPN server
# vpnclient - ip of the VPN client
#
${fwcmd} add allow tcp from any to any established
${fwcmd} add allow tcp from ${vpnclient} to ${vpnserv} 1723 out via ${oif} setup
${fwcmd} add allow tcp from ${vpnserv} to ${vpnclient} 1723 in via ${oif} setup
${fwcmd} add allow gre from ${oip} to ${vpnserv} out via ${oif}
${fwcmd} add allow gre from ${vpnclient} to ${vpnserv} out via ${oif}
${fwcmd} add allow gre from ${vpnserv} to ${vpnclient} in via ${oif}
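
One way to confirm that a loaded ruleset covers the three flows described above (added example, not part of the original journal entry): the function reads rules in the style `ipfw list` prints, reports the TCP 1723 control channel and GRE in each direction, and flags GRE rules not pinned to the VPN server. The function names, the sample ruleset and its documentation-range addresses are constructed for illustration; this is a presence check that ignores rule order and deny rules.

```shell
#!/bin/sh
# Added example, not from the original journal entry.
# usage: pptp_audit OIP CLIENT SERVER < ruleset   (rules in `ipfw list` style)
# Presence check only: no first-match evaluation, deny rules are ignored,
# and only rules that name tcp or gre explicitly are considered.
pptp_audit() {
    awk -v oip="$1" -v cli="$2" -v srv="$3" '
    function is(a, want) { return a == want || a == "any" }
    $2 == "allow" {
        proto = src = dst = dir = ""; port = 0; seen_to = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "from") { proto = $(i-1); src = $(i+1) }
            else if ($i == "to") { dst = $(i+1); seen_to = 1 }
            else if ($i == "in" || $i == "out") dir = $i
            else if (seen_to && $i == "1723") port = 1   # destination port
        }
        lsrc = (is(src, oip) || is(src, cli))            # our side of the tunnel
        if (proto == "tcp" && port && is(dst, srv) && dir != "in" && lsrc) ctl = 1
        if (proto == "gre" || proto == "47") {
            if (is(dst, srv) && dir != "in" && lsrc) gout = 1
            if (is(src, srv) && dir != "out") gin = 1
            # GRE allowed without naming the VPN server on either side
            if (src != srv && dst != srv) broad = broad "broad gre rule " $1 "\n"
        }
    }
    END {
        print (ctl  ? "ok" : "missing") " control tcp/1723 to server"
        print (gout ? "ok" : "missing") " gre out to server"
        print (gin  ? "ok" : "missing") " gre in from server"
        printf "%s", broad
    }'
}

# Constructed sample: inbound GRE is missing and rule 00400 is unscoped.
sample_rules() {
    cat <<'EOF'
00100 allow tcp from any to any established
00200 allow tcp from 192.0.2.20 to 203.0.113.10 dst-port 1723 out via em0 setup
00300 allow gre from 198.51.100.5 to 203.0.113.10 out via em0
00400 allow gre from any to any out via em0
EOF
}

sample_rules | pptp_audit 198.51.100.5 192.0.2.20 203.0.113.10
```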
