 From:  Vincent Jardin <vjardin at wanadoo dot fr>
 To:  Manuel Kasper <mk at neon1 dot net>, Serge Leschinsky <serge at artlife dot tomsknet dot ru>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] several PPTP client via NAT simultaneously
 Date:  Tue, 1 Jul 2003 21:41:44 +0200
What about natd? According to the source code, it should support PPTP.


> Hi Serge,
>
> On Tue, 1 Jul 2003, Serge Leschinsky wrote:
> >  The problem that I have is in the following: one client can connect
> > to PPTP server without any troubles. But the second client can't
> > connect to the same PPTP server (with error "No available port" (or
> > something like that)).
> >
> > Is this an error in my monowall configuration, a limitation of the
> > current version of the firewall, or a consequence of the ISP server
> > configuration?
>
> It's a limitation in ipnat (ipfilter's NAT implementation) in that it does
> not have a custom proxy that understands the details of a GRE tunnel (GRE
> is the protocol PPTP uses to tunnel the actual data). As such, GRE looks
> like a raw IP protocol to ipnat, and since it has no information like
> port numbers (as with TCP/UDP) to distinguish individual connections,
> there can only be one concurrent connection to the same PPTP server. It
> works fine if each of your PPTP clients connects to a different PPTP
> server (i.e. different IP address).
>
> There has been some discussion about this quite a while ago; the consensus
> was that an ipnat proxy would have to be written that makes use of the
> session ID (or whatever it is called) in the GRE header to distinguish
> individual sessions.
>
> HTH,
>
> Manuel
>
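
The limitation and the proposed fix discussed in this thread, as an added example that is not part of the original messages and is not ipfilter, natd or m0n0wall code: a NAT table keyed only on the server address and IP protocol 47 can hold one PPTP session per server, while one keyed on the identifier in PPTP's enhanced GRE header (named Call ID in RFC 2637) can tell sessions apart. The addresses, Call IDs and helper names are constructed for illustration.

```python
import struct

GRE_PROTO_PPP = 0x880B  # protocol type of PPTP's enhanced GRE (RFC 2637)

def parse_pptp_gre(pkt: bytes) -> dict:
    """Parse the enhanced GRE header and return Call ID and header length."""
    if len(pkt) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", pkt[:8])
    # Version must be 1, the Key bit (0x2000) set, protocol type 0x880B.
    if (flags & 0x0007) != 1 or not (flags & 0x2000) or proto != GRE_PROTO_PPP:
        raise ValueError("not a PPTP enhanced GRE packet")
    # Sequence (S, 0x1000) and acknowledgment (A, 0x0080) add 4 bytes each.
    header_len = 8 + 4 * bool(flags & 0x1000) + 4 * bool(flags & 0x0080)
    if len(pkt) < header_len + payload_len:
        raise ValueError("packet shorter than header plus payload")
    return {"call_id": call_id, "header_len": header_len}

def track(table: dict, key: tuple, client: str) -> bool:
    """Add a NAT mapping; False if the key is already owned by another client."""
    return table.setdefault(key, client) == client

def demux(table: dict, server_ip: str, pkt: bytes):
    """Return the inside client for an inbound GRE packet, keyed on Call ID."""
    return table.get((server_ip, parse_pptp_gre(pkt)["call_id"]))

def make_gre(call_id: int, seq: int, payload: bytes) -> bytes:
    """Build a constructed server-to-client packet (K and S set, version 1)."""
    return struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP,
                       len(payload), call_id, seq) + payload

# Constructed sample data: one PPTP server, two inside clients. Each value is
# the Call ID that client chose; the server echoes it in GRE packets it sends.
SERVER = "203.0.113.10"
CLIENTS = {"192.168.1.10": 4096, "192.168.1.11": 4097}

def run_demo():
    by_proto, by_call_id = {}, {}
    # Keyed on (server, protocol 47) only: the second client collides.
    proto_ok = [track(by_proto, (SERVER, 47), c) for c in CLIENTS]
    # Keyed on (server, Call ID): each session gets its own mapping.
    call_ok = [track(by_call_id, (SERVER, cid), c) for c, cid in CLIENTS.items()]
    routed = [demux(by_call_id, SERVER, make_gre(cid, 1, b"\xff\x03\xc0\x21"))
              for cid in CLIENTS.values()]
    return proto_ok, call_ok, routed

if __name__ == "__main__":
    print(run_demo())
```

If two inside clients happen to choose the same Call ID toward one server, `track` reports the collision; this sketch does not resolve that case.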