Howto allow allow gre through IPF?

My network is sitting behind an IPF/IPNAT firewall on a FreeBSD 4.3. I'm trying to connect to a remote Windows 2000 VPN server, but my connection is blocked by my firewall with the following log entry:

ipmon[112]: 14:22:10.738774 dc0 @0:2 b 192.168.168.124 -> 207.xxx.xxx.xxx PR gre len 20 (80) OUT

What do I need to add to my IPF rules to allow GRE in and out?

Never mind. All I had to do was add:

pass in quick proto gre from xxx.xxx.xxx.xxx/32 to xxx.xxx.xxx.xxx/32

pass out quick proto gre from xxx.xxx.xxx.xxx/32 to xxx.xxx.xxx.xxx/32

OK. A new problem. Even with the rules set to allow any from any, it only allows one VPN connection at a time. I have to disconnect the currently connected user, reload ipnat, and make the new connection. Any idea how to get around this one?

Don't embarass yourself next time for asking a question that can be easily found in the FAQ.
Now please bookmark the Official IPF FAQ.

i'm always afraid of asking questions here incase i over look something stupid, i'm sure u must have made at least 1 stupid comment given the number of posts u have.....as nobodies perfect

>> i'm always afraid of asking questions here incase i over look something stupid

In order to be successful keep in mind that asking question is always your last resort. Asking a question that when the answer can be easily found indicates that you haven't spent any time and effort on trying, which is a bad learning attitude in the first place, for relying on others for living.

i have only asked a few questions

Good for you. And so far I haven't asked a single question anywhere, just because nothing is not STFW'able.

never heard that acronym before