UNIX for Advanced & Expert Users

Long story short, I have an issue with getting my VPN to connect to my w2k3 server box when I include the block all rule in my pf.conf:

block log all

Here's the output:

Apr 04 06:04:09.291697 rule 1/0(match): block in on hme0: call 3033 seq 0 gre-ppp-payload (gre encap)
Apr 04 06:04:11.288849 rule 1/0(match): block in on hme0: call 3033 seq 1 gre-ppp-payload (gre encap)
Apr 04 06:04:14.291628 rule 1/0(match): block in on hme0: call 3033 seq 2 gre-ppp-payload (gre encap)
Apr 04 06:04:17.831228 rule 1/0(match): block in on hme0: call 3033 seq 3 gre-ppp-payload (gre encap)
Apr 04 06:04:21.299914 rule 1/0(match): block in on hme0: call 3033 seq 4 gre-ppp-payload (gre encap)

@1 block drop log all
[ Evaluations: 8 Packets: 5 Bytes: 275 States: 0 ]

When I remove this rule, things seem to work w/o issue. I'm kinda' new to pf, so I included this rule after following the SOHO example in the FAQ.

Instead of posting the entire pf.conf, let me instead post the sections I think are relevant to getting PPTP working (if I made an error in this, and you need the entire file, please let me know... I just thought it would be more helpful to streamline the post):

-------------------
rdr on hme4 inet proto { udp, tcp } from any to hme4 port 1723 -> 192.168.200.2
rdr on hme4 inet proto gre from any to hme4 -> 192.168.200.2
# VPN (tcp 1723 and gre 47)
pass in quick on hme4 inet proto { udp, tcp } from any to hme1 port pptp flags S/FSRA keep state
pass in quick on hme4 inet proto gre from any to hme1 keep state

my first question would be how important “block log all” is... can I make do w/o it? It seems pretty important to me because it looks like the default deny all rule.

next, if it is important, what additional rules can I enter into the pf.conf file that will allow PPTP to work?