[ previous ] [ next ] [ threads ]
 
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] 2nd management login
 Date:  Thu, 15 Jun 2006 13:26:13 -0400 
On 6/15/06, Alain Fauconnet <alain at ait dot ac dot th> wrote:
>
> Er... you sure? are you really talking about PPTP and not about IPSEC?

Well, you could say the same about either/or.  PPTP is more
troublesome than IPsec because IPsec VPN's usually have NAT-T
capabilities which works around most issues (if we're still talking
about the client being behind NAT).


> > And many firewalls break or block outbound GRE in their default NAT
> > configuration, hence breaking PPTP.
>
> That could be an issue, but I have never been bitten by one of these
> "many".
>

Cisco PIX is one example I can think of offhand that you'll find in a
lot of places.  The infamous 619 error from the Windows PPTP client is
caused by breakage or blockage of GRE, and if you check the archives
you'll see it comes up all the time with a wide variety of
NAT/firewall devices.

-Chris