On Nov 22, 2007, at 11:08 AM, Lee Sharp wrote:
> Lonnie Abelbeck wrote:
>> Yes, this is normal for 1:N NAT and PPTP (GRE). With UDP and TCP,
>> NAT keeps track of the local private addresses by using the UDP/
>> TCP "port" field. PPTP's raw IP (GRE) does not have a port field
>> to mess with, so only one connection at a time will work.
>> One solution might be to provide the customer with more static
>> IPs, using 1:1 NAT in m0n0wall to provide the PPTP'ers with their
>> own public IP address. This should work around the 1:N NAT issue,
>> provided the number of PPTP users is small and known.
> Another option is an IPsec tunnel between locations. To secure it,
> have the local users PPTP into the local m0n0wall. That network
> alone would have access to the IPsec link.
Lee, Great idea! That trick might have other applications as well.
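
The 1:N NAT behaviour described in the quoted explanation above, as an added example that is not part of the original thread and is not m0n0wall's code: a toy translation table showing why two LAN hosts can share one public address for TCP/UDP but not for PPTP's GRE stream. The class, addresses and ports are constructed, and the model assumes a portless GRE flow can only be keyed on the remote server address.

```python
# Toy 1:N NAT table (added illustration; all names and addresses are constructed).
from itertools import count

PUBLIC_IP = "203.0.113.1"   # constructed: the single shared public address


class ToyNat:
    def __init__(self):
        self.table = {}                 # reply key -> (private host, original port)
        self._ports = count(40000)      # pool of public source ports

    def outbound(self, proto, private_ip, remote_ip, src_port=None):
        """Record an outbound flow; return the key used to match replies,
        or None if the flow cannot be told apart from an existing one."""
        if proto in ("tcp", "udp"):
            # Port field available: rewrite the source port to a unique value.
            key = (proto, remote_ip, next(self._ports))
        else:
            # GRE has no port field; assumption: only the remote address is left.
            key = (proto, remote_ip)
            existing = self.table.get(key)
            if existing and existing[0] != private_ip:
                return None             # a second private host collides
        self.table[key] = (private_ip, src_port)
        return key

    def inbound(self, key):
        """Map a reply arriving at PUBLIC_IP back to the private host."""
        entry = self.table.get(key)
        return entry[0] if entry else None


def demo():
    nat = ToyNat()
    server = "198.51.100.10"            # constructed remote PPTP server
    # Two LAN hosts open the PPTP control channel (TCP 1723): both get mappings,
    # even though they picked the same local source port.
    t1 = nat.outbound("tcp", "192.168.1.10", server, 1050)
    t2 = nat.outbound("tcp", "192.168.1.11", server, 1050)
    # Both then start the GRE data stream: only the first gets a mapping.
    g1 = nat.outbound("gre", "192.168.1.10", server)
    g2 = nat.outbound("gre", "192.168.1.11", server)
    return nat.inbound(t1), nat.inbound(t2), nat.inbound(g1), g2


if __name__ == "__main__":
    print(demo())
```

With 1:1 NAT each PPTP user has a separate public address, so the GRE key no longer collides.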