Windows7 drops PPTP Connections

I was trying to create a simple PPTP remote connection solution for a project. I was using PPTP because it's simple, supported by Windows, OSX, and Linux very easily and being an "internal" use, security was not a concern. I thought this was simple, but to my surprise the Windows system in testing would consistently disconnect when trying to transfer a large file.

I started digging. At first I thought an MTU issue as those are common sources of PPTP connection problems. Then I thought it might have been encryption related. I did notice that by turning off encryption I had almost not failures. However I found this article:

http://old.nabble.com/Random-disconnects-when-using-Windows-7-PPTP-VPN-c...

I stopped short of doing my own packet capture to confirm, but the article says Windows7 periodically sends an ICMP message which causes the tunnel to drop. The workaround suggested was to enable the Windows7 firewall which blocks those messages by default. Unfortunately enabling Windows Firewall is not an option because of a 3rd party managed solution that is in use.

What I did end up doing was blocking this specific type of ICMP message at the firewall of my PPTPD server itself. Then in testing, I was able to execute my tests over 10+ successful times without a single dropped connection. Below is essentially what I did ...

 name block-icmp23 {
     default-action accept
     description "Fix for WindowsPPTP dropping"
     rule 99 {
         action drop
         icmp {
             code 2
             type 3
         }
         protocol icmp
     }
 }