 From:  Alain Fauconnet <alain at ait dot ac dot th>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] 2nd management login
 Date:  Thu, 15 Jun 2006 14:18:19 +0700
On Thu, Jun 15, 2006 at 12:35:22AM -0400, Chris Buechler wrote:
> On 6/14/06, Walter PC <walterpc at mchsi dot com> wrote:
> >
> >M0n0wall is a perfect example of a VPN server that does not play well with
> >clients that are behind a NAT.
> >
> Technically correct, but misleading.  PPTP is an example of a VPN
> protocol that does not play well with NAT.  Doesn't matter if it's
> m0n0wall or anything else.

Er... you sure? Are you really talking about PPTP and not about IPSEC?
I have dozens of clients behind NAT ADSL routers, on shared dial-ups
(Windows' own connection sharing, Wingate, Winroute or Linux boxes
in MASQ configuration) that connect to our
Cisco AS5300 for VPDN (which is essentially PPTP) and it works fine.
Of course in that case the client is behind the NAT and not the
server, but that's what you were considering above.

Or am I missing something here?

> And many firewalls break or block outbound GRE in their default NAT
> configuration, hence breaking PPTP.

That could be an issue, but I have never been bitten by one of these