>>I've tried with ``pass-everything'' and it's the same. :(
> 
> You mean 'pass in all / pass out all'?
> 
> Specificly, PPTP needs the GRE protocol (IP proto 47).  It's not related to
> either UDP or TCP, it is very specific.

yes, I have `pass in proto gre` / `pass out proto gre`
(without gre it's not possible to connect to the PPTP server at all)

> There should be a line for the GRE protocol that would look like this:
> 
> MAP 10.0.1.1  <- -> 193.224.190.1  [195.70.36.136]
> 
> Also, add -v to have a bit more of information.
 >
> Yes, that probably is the sign that GRE packets get blocked.  You can
> check that incoming GRE packets arrive with 'tcpdump -i <outbound iface>
> proto gre'.

bah... I played with `ipnat -l` a bit, and yes... there's a line for the
gre mapping like this...

MAP 10.0.1.1  <- -> 193.224.190.1  [195.70.36.136]

... only for a moment after the connection was established, and while 
the client is sending data, not more.

(I only did `ping'-tests, and it's hard to catch when there's no 
continous data transfer)

Any idea?

-- 
Egerváry Gergely
egervary@expertlan.hu