Yes, this is normal for 1:N NAT and PPTP (GRE). With UDP and TCP,
NAT keeps track of the local private addresses by using the UDP/TCP
"port" field. PPTP's raw IP (GRE) does not have a port field to mess
with, so only one connection at a time will work.
One solution might be to provide the customer with more static IP's;
using 1:1 NAT in m0n0wall to provide the PPTP'ers with their own
public IP address. This should work around the 1:N NAT issue,
provided the number of PPTP users are small and known.
On Nov 22, 2007, at 10:30 AM, Adam Armstrong wrote:
> I have a customer using our ethernet-based "broadband" service in a
> managed office building we provide connectivity to.
> In their office we provide them with a m0n0wall device with
> basically the default config providing NAT and DHCP. The firewall
> has a static IP on the WAN interface and the default 192.168.1.1/24
> on the LAN interface providing DHCP.
> The customer reports that they can only create one PPTP tunnel at a
> time to their PPTP server at another site.
> Is this normal? I'm sure I've had multiple PPTP sessions open
> before, but they were perhaps to multiple remote servers. If it's a
> NAT limitation, are there any workarounds?
> Thanks in advance,