 From:  "Josh McAllister" <josh at bluehornet dot com>
 To:  "Levi Masterson" <lmasterson at hcocntf dot org>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] PPTP Passthrough (and multiple outbound PPTP clients)?
 Date:  Wed, 12 Jan 2005 10:23:06 -0800
There may be a more elegant workaround, but what I resorted to in a
similar situation (though it was only 2 clients behind m0n0 -> single
pptp server) was to set up the pptp server to listen on multiple IPs.
Then each client would connect on a different IP. Another variation of
this concept I have NOT tried that may work is to use Advanced outbound
NAT to NAT each client to a separate IP. I realize this may not be
practical and depending on your network topology, may not even be
possible, but it's one way to do it.

FEATURE REQUEST:
Other than better connection tracking, another way to solve this in m0n0
would be if m0n0 could act as a PPTP client. It can do this for a WAN
connection already, so AFAIK it shouldn't be TOO much work to add this
as a feature. In order for this to be useful, we'd also need the ability
to set up static routes via the PPTP interface that were brought up after
the PPTP connection was established.

Regards,

Josh McAllister

-----Original Message-----
From: Levi Masterson [mailto:lmasterson at hcocntf dot org] 
Sent: Wednesday, January 12, 2005 10:41 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] PPTP Passthrough (and multiple outbound PPTP
clients)?

I've recently started having (or just started noticing) issues with
multiple users trying to connect to remote PPTP VPN servers from within
my network.

I have 6 users that sit on the LAN side of my m0n0wall that need to have
simultaneous access to a PPTP server across the WAN (internet)
interface.

I did some reading back in the archives, and it looks like there were
issues with this back a year or so ago because of how FreeBSD could not
track and properly NAT multiple PPTP connections.

Is this still the case?  If so, does anyone have a suggestion on how to
work around this problem other than resurrecting my monster 1U firewall
running Linux + IPTables + PPTP Conntrack?  It worked like a champ since
it was built and deployed, but I think m0n0's nice interface has made me
lazy.


--Levi
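
Added example (not part of either message, and not m0n0wall or FreeBSD code): a simplified model of why several PPTP clients behind one NAT address cannot reach the same server at once, and why the two workarounds in the reply give each tunnel its own state. It assumes a NAT that tracks GRE (IP protocol 47, which carries no port numbers) by address pair only, without PPTP Call ID tracking; the class, function names and addresses are constructed for illustration.

```python
# Added illustration, not m0n0wall or FreeBSD code. Assumption: the NAT tracks
# GRE (IP protocol 47, no ports) by address pair only, with no Call ID tracking.
GRE = 47
WAN = "203.0.113.1"                       # constructed documentation addresses
CLIENTS = ["192.168.1.10", "192.168.1.11"]
SERVER = "198.51.100.5"


class NaiveNat:
    """Hypothetical NAT keyed on (external IP, remote IP, protocol) for GRE."""

    def __init__(self, default_external_ip, outbound_map=None):
        self.default_external_ip = default_external_ip
        # Optional per-client external IP, modelling an outbound NAT rule.
        self.outbound_map = outbound_map or {}
        self.states = {}  # (external IP, server IP, proto) -> LAN client IP

    def open_tunnel(self, client_ip, server_ip):
        """Register the client's GRE flow; True if the state belongs to it."""
        ext = self.outbound_map.get(client_ip, self.default_external_ip)
        owner = self.states.setdefault((ext, server_ip, GRE), client_ip)
        return owner == client_ip


def working_clients(nat, pairs):
    """Return the clients whose return GRE traffic would reach them."""
    return [client for client, server in pairs if nat.open_tunnel(client, server)]


def same_server():
    """Both clients share one WAN IP and one server IP: states collide."""
    return working_clients(NaiveNat(WAN), [(c, SERVER) for c in CLIENTS])


def server_on_multiple_ips():
    """Workaround 1: the server listens on a second IP, one per client."""
    return working_clients(NaiveNat(WAN), zip(CLIENTS, [SERVER, "198.51.100.6"]))


def per_client_external_ip():
    """Workaround 2 (untried in the reply): each client NATed to its own IP."""
    nat = NaiveNat(WAN, {CLIENTS[1]: "203.0.113.2"})
    return working_clients(nat, [(c, SERVER) for c in CLIENTS])


if __name__ == "__main__":
    print("same server:", same_server())
    print("server on multiple IPs:", server_on_multiple_ips())
    print("per-client external IP:", per_client_external_ip())
```

In this model only the first client keeps a usable tunnel when both share one WAN address and one server address; either workaround makes the address pair unique again.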
