 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  m0n0wall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Multiple PPTP clients behind a monowall
 Date:  Thu, 22 Nov 2007 11:08:59 -0600

Lonnie Abelbeck wrote:
> Adam,
> 
> Yes, this is normal for 1:N NAT and PPTP (GRE).  With UDP and TCP, NAT 
> keeps track of the local private addresses by using the UDP/TCP "port" 
> field.  PPTP's raw IP (GRE) does not have a port field to mess with, so 
> only one connection at a time will work.
> 
> One solution might be to provide the customer with more static IPs, 
> using 1:1 NAT in m0n0wall to provide the PPTP'ers with their own public 
> IP address.  This should work around the 1:N NAT issue, provided the 
> number of PPTP users is small and known.

Another option is an IPsec tunnel between locations.  To secure it, have 
the local users PPTP into the local m0n0wall.  That network alone would 
have access to the IPsec link.

			Lee
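
A simplified model of the NAT behaviour discussed in this thread, added here as an example; it is not part of the original messages and is not m0n0wall code. The `Nat` class, the table layout and all addresses are constructed for illustration, and GRE flows are keyed on addresses only, as the quoted explanation describes.

```python
"""Toy 1:N / 1:1 NAT state table (constructed model, not m0n0wall code)."""

WAN_IP = "203.0.113.1"  # constructed address from a documentation range


class Nat:
    def __init__(self, wan_ip, one_to_one=None):
        self.wan_ip = wan_ip
        self.one_to_one = one_to_one or {}  # private IP -> dedicated public IP
        self.table = {}                     # reply-matching key -> private IP
        self.next_port = 40000

    def outbound(self, proto, src_ip, dst_ip):
        """Record an outgoing flow. Return the key replies will match,
        or None if another private host already owns that key."""
        public_ip = self.one_to_one.get(src_ip, self.wan_ip)
        if proto in ("tcp", "udp"):
            # The port field gives NAT a per-flow value it can rewrite.
            key = (proto, public_ip, self.next_port, dst_ip)
            self.next_port += 1
        else:
            # Per the thread: GRE has no port field, only addresses remain.
            key = (proto, public_ip, None, dst_ip)
        owner = self.table.setdefault(key, src_ip)
        return key if owner == src_ip else None

    def inbound(self, key):
        """Return the private host a reply matching `key` is forwarded to."""
        return self.table.get(key)


def demo():
    server, a, b = "198.51.100.10", "192.168.1.10", "192.168.1.11"
    shared = Nat(WAN_IP)
    tcp = [shared.outbound("tcp", h, server) for h in (a, b)]
    gre = [shared.outbound("gre", h, server) for h in (a, b)]
    mapped = Nat(WAN_IP, one_to_one={a: "203.0.113.2", b: "203.0.113.3"})
    gre_1to1 = [mapped.outbound("gre", h, server) for h in (a, b)]
    return {
        "tcp_owners": [shared.inbound(k) for k in tcp],
        "gre_shared": [k is not None for k in gre],
        "gre_1to1_owners": [mapped.inbound(k) for k in gre_1to1],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With one shared WAN address, both TCP flows get distinct table entries while the second GRE flow to the same server has no free key; with a 1:1 mapping per client, each GRE flow is keyed on its own public address.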