[ previous ] [ next ] [ threads ]
 From:  Lonnie Abelbeck <lists at lonnie dot abelbeck dot com>
 To:  m0n0wall List <m0n0wall at lists dot m0n0 dot ch>
 Cc:  Adam Armstrong <lists at memetic dot org>
 Subject:  Re: [m0n0wall] Multiple PPTP clients behind a monowall
 Date:  Thu, 22 Nov 2007 10:53:50 -0600

Yes, this is normal for 1:N NAT and PPTP (GRE).  With UDP and TCP,  
NAT keeps track of the local private addresses by using the UDP/TCP  
"port" field.  PPTP's raw IP (GRE) does not have a port field to mess  
with, so only one connection at a time will work.

One solution might be to provide the customer with more static IP's;  
using 1:1 NAT in m0n0wall to provide the PPTP'ers with their own  
public IP address.  This should work around the 1:N NAT issue,  
provided the number of PPTP users are small and known.


On Nov 22, 2007, at 10:30 AM, Adam Armstrong wrote:

> Hi,
> I have a customer using our ethernet-based "broadband" service in a  
> managed office building we provide connectivity to.
> In their office we provide them with a m0n0wall device with  
> basically the default config providing NAT and DHCP. The firewall  
> has a static IP on the WAN interface and the default  
> on the LAN interface providing DHCP.
> The customer reports that they can only create one PPTP tunnel at a  
> time to their PPTP server at another site.
> Is this normal? I'm sure I've had multiple PPTP sessions open  
> before, but they were perhaps to multiple remote servers. If it's a  
> NAT limitation, are there any workarounds?
> Thanks in advance,
> Adam.