Client is not able to establish a PPTP tunnel with a Server through Virtual System with enabled CoreXL and Hide NAT configuration:
Client ---(PPTP)--- [ VS, CoreXL, Hide NAT for Client ] ---(PPTP)--- Server
FW Monitor on relevant Virtual System shows that PPP Link Control Protocol (LCP) packets sent from PPTP Server back to the Client are Incorrectly NATed (the NAT Source IP address is seen at Pre-Inbound chain "i" and a different original address at Post-Inbound chain "I").
Kernel debug on relevant Virtual System shows that PPP LCP packets sent from PPTP server back to the client:
are not NATed
matched on different CoreXL FW Instance than the original connection
Disabling CoreXL on relevant Virtual System resolves the issue.
Due to the IPS protection 'Non Compliant PPTP', GRE packets (PPTP) that should undergo NAT are not processed correctly by the CoreXL on Virtual Systems.