[ previous ] [ next ] [ threads ]
 From:  Lonnie Abelbeck <lists at lonnie dot abelbeck dot com>
 To:  m0n0wall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] VPN tunnels
 Date:  Thu, 9 Apr 2009 17:27:43 -0500
On Apr 9, 2009, at 5:02 PM, Michael Graves wrote:

> Sirs,
> I've used monowall for years. I recommended it to an associate but
> they've run into some trouble relating to VPN connectivity. With a
> little Linksys WRT series router they can sustain several PPTP VPN
> connections to our head office in the UK. With m0n0wall running they
> can only establish one VPN connection to each of our VPN servers.
> My experience in my home office relfects this as well. But since we
> have two VPN servers I can run two instances of Outlook by simply
> logging each PC into a different VPN server.
> I know that I could put up a persistent VPN tunnel between the UK and
> our router, but they'd rather not do that.
> How do I configure m0n0wall so that it will permit multiple inside PCs
> to establish VPN tunnels to a single far-end server?
> Many Thanks,
> Michael


My guess this is a NAT issue.

PPTP uses the raw IP (GRE) for transport, and since it is not TCP/UDP  
there is no 'port' to map from private to public and back again.  As  
soon as the first PPTP outgoing is established, the second outgoing  
will route all returning GRE to the first tunnel.

One solution may be to have separate static IP address (1:1 NAT) for  
each private LAN user.

The better solution is to use OpenVPN :-)