On Tue, 1 Jul 2003, Serge Leschinsky wrote:
> The problem that I have is the following: one client can connect
> to the PPTP server without any trouble. But the second client can't
> connect to the same PPTP server (with error "No available port" (or
> something like that)).
> Is this an error in my monowall configuration, a limitation of the current
> version of the firewall, or a consequence of the ISP server configuration?

It's a limitation in ipnat (ipfilter's NAT implementation) in that it does
not have a custom proxy that understands the details of a GRE tunnel (GRE
is the protocol PPTP uses to tunnel the actual data). As such, GRE looks
like a raw IP protocol to ipnat, and since it has no information like
port numbers (as with TCP/UDP) to distinguish individual connections,
there can only be one concurrent connection to the same PPTP server. It
works fine if each of your PPTP clients connects to a different PPTP
server (i.e. different IP address).

There has been some discussion about this quite a while ago; the consensus
was that an ipnat proxy would have to be written that makes use of the
session ID (or whatever it is called) in the GRE header to distinguish
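
Added example, not part of the original message and not ipfilter code: a minimal Python model of the limitation described above and of keying NAT state on the GRE header field, which RFC 2637 calls the Call ID. The function names, the simplified state table and the sample addresses and Call IDs are assumptions constructed for illustration.

```python
import struct

GRE_PROTO_PPP = 0x880B  # protocol type used by PPTP's enhanced GRE (RFC 2637)
IPPROTO_GRE = 47

def parse_pptp_gre(header: bytes) -> dict:
    """Parse the fixed 8 bytes of an enhanced GRE header."""
    if len(header) < 8:
        raise ValueError("enhanced GRE header is at least 8 bytes")
    flags, ver, proto, payload_len, call_id = struct.unpack("!BBHHH", header[:8])
    # K bit (0x20) must be set, version must be 1, payload must be PPP.
    if not (flags & 0x20) or (ver & 0x07) != 1 or proto != GRE_PROTO_PPP:
        raise ValueError("not a PPTP enhanced GRE packet")
    return {"payload_len": payload_len, "call_id": call_id,
            "has_seq": bool(flags & 0x10), "has_ack": bool(ver & 0x80)}

def state_key(server, call_id, use_call_id):
    """Key for matching inbound GRE; without a proxy only protocol + peer exist."""
    return (IPPROTO_GRE, server, call_id) if use_call_id else (IPPROTO_GRE, server)

def build_state(sessions, use_call_id):
    """sessions: (client, server, client_call_id). Returns (table, unmapped)."""
    table, unmapped = {}, []
    for client, server, call_id in sessions:
        key = state_key(server, call_id, use_call_id)
        if key in table:
            unmapped.append(client)  # second tunnel to the same server collides
        else:
            table[key] = client
    return table, unmapped

def route_inbound(table, server, gre_header, use_call_id):
    """Return the internal client an inbound GRE packet belongs to, or None."""
    call_id = parse_pptp_gre(gre_header)["call_id"]
    return table.get(state_key(server, call_id, use_call_id))

def sample_header(call_id):
    """Constructed header: K+S flags, A bit, version 1, empty payload."""
    return struct.pack("!BBHHHII", 0x30, 0x81, GRE_PROTO_PPP, 0, call_id, 1, 0)

# Constructed sessions: two LAN clients, one PPTP server (documentation addresses).
SESSIONS = [("192.168.1.10", "203.0.113.5", 0x0001),
            ("192.168.1.11", "203.0.113.5", 0x0002)]

if __name__ == "__main__":
    for mode in (False, True):
        table, unmapped = build_state(SESSIONS, mode)
        print("call-id aware:", mode, "unmapped:", unmapped)
```

The model assumes the two clients picked different Call IDs; a real proxy would also have to cope with two clients choosing the same value.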