[ previous ] [ next ] [ threads ]
 From:  Lonnie Abelbeck <lists at lonnie dot abelbeck dot com>
 To:  m0n0wall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Multiple PPTP clients behind a monowall
 Date:  Thu, 22 Nov 2007 11:23:27 -0600
On Nov 22, 2007, at 11:08 AM, Lee Sharp wrote:

> Lonnie Abelbeck wrote:
>> Adam,
>> Yes, this is normal for 1:N NAT and PPTP (GRE).  With UDP and TCP,  
>> NAT keeps track of the local private addresses by using the UDP/ 
>> TCP "port" field.  PPTP's raw IP (GRE) does not have a port field  
>> to mess with, so only one connection at a time will work.
>> One solution might be to provide the customer with more static  
>> IP's; using 1:1 NAT in m0n0wall to provide the PPTP'ers with their  
>> own public IP address.  This should work around the 1:N NAT issue,  
>> provided the number of PPTP users are small and known.
> Another option is an ipsec tunnel between locations.  To secure it,  
> have the local users pptp into the local m0n0wall.  That network  
> alone would have access to the ipsec link.
> 			Lee

Lee, Great idea!  That trick might have other applications as well.