On Apr 10, 2009, at 9:24 AM, Michael Graves wrote:

> On Thu, 9 Apr 2009 17:27:43 -0500, Lonnie Abelbeck wrote:
>
>>
>> On Apr 9, 2009, at 5:02 PM, Michael Graves wrote:
>>
>>> Sirs,
>>>
>>> I've used monowall for years. I recommended it to an associate but
>>> they've run into some trouble relating to VPN connectivity. With a
>>> little Linksys WRT series router they can sustain several PPTP VPN
>>> connections to our head office in the UK. With m0n0wall running they
>>> can only establish one VPN connection to each of our VPN servers.
>>>
>>> My experience in my home office reflects this as well. But since we
>>> have two VPN servers I can run two instances of Outlook by simply
>>> logging each PC into a different VPN server.
>>>
>>> I know that I could put up a persistent VPN tunnel between the UK and
>>> our router, but they'd rather not do that.
>>>
>>> How do I configure m0n0wall so that it will permit multiple inside PCs
>>> to establish VPN tunnels to a single far-end server?
>>>
>>> Many Thanks,
>>>
>>> Michael
>>
>> Michael,
>>
>> My guess is this is a NAT issue.
>>
>> PPTP uses the raw IP (GRE) for transport, and since it is not TCP/UDP
>> there is no 'port' to map from private to public and back again. As
>> soon as the first PPTP outgoing is established, the second outgoing
>> will route all returning GRE to the first tunnel.
>>
>> One solution may be to have a separate static IP address (1:1 NAT) for
>> each private LAN user.
>>
>> The better solution is to use OpenVPN :-)
>>
>
> How would a little Linksys WRT handle this? And m0n0wall doesn't?
>
> I know that OpenVPN would be better, but I can't force any changes at the
> other end. I have to live with the VPN servers as they are for now.
>
> Michael
>

How would a little Linksys WRT handle this? And m0n0wall doesn't?

Good question. Possibly Linux has a 'smarter' NAT when dealing with GRE?

http://tldp.org/HOWTO/IP-Masquerade-HOWTO/vpns.html

Lonnie
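
Added example, not part of the original thread or of m0n0wall's code: a simplified Python model of the NAT problem described above. It contrasts a NAT that tracks GRE by remote address only with one that keys on the Call ID field of PPTP's enhanced GRE header (RFC 2637). The class names, the constructed addresses, and the single `outbound()` call standing in for the PPTP control channel on TCP 1723 are assumptions made for illustration.

```python
import struct

GRE_PPTP = 0x880B  # protocol type of PPTP's enhanced GRE (RFC 2637)

def pptp_gre(call_id: int, payload: bytes = b"") -> bytes:
    """Build a minimal enhanced GRE header: K bit set, version 1."""
    return struct.pack("!HHHH", 0x2001, GRE_PPTP, len(payload), call_id) + payload

def gre_call_id(pkt: bytes) -> int:
    """Extract the Call ID (low 16 bits of the GRE key field)."""
    flags_ver, proto, _length, call_id = struct.unpack("!HHHH", pkt[:8])
    if flags_ver & 0x7 != 1 or proto != GRE_PPTP:
        raise ValueError("not PPTP enhanced GRE")
    return call_id

class PortlessNat:
    """Model: GRE has no port, so flows are keyed on the server only."""
    def __init__(self):
        self.flows = {}  # server_ip -> lan_ip
    def outbound(self, lan_ip, server_ip, client_call_id):
        self.flows.setdefault(server_ip, lan_ip)  # first tunnel wins
        return client_call_id
    def inbound(self, server_ip, pkt):
        return self.flows.get(server_ip)

class CallIdNat:
    """Model: flows keyed on (server, Call ID), rewritten on collision."""
    def __init__(self):
        self.flows = {}  # (server_ip, public call id) -> (lan_ip, original id)
    def outbound(self, lan_ip, server_ip, client_call_id):
        public_id = client_call_id
        while ((server_ip, public_id) in self.flows
               and self.flows[(server_ip, public_id)][0] != lan_ip):
            public_id = (public_id + 1) & 0xFFFF  # pick an unused Call ID
        self.flows[(server_ip, public_id)] = (lan_ip, client_call_id)
        return public_id
    def inbound(self, server_ip, pkt):
        entry = self.flows.get((server_ip, gre_call_id(pkt)))
        return entry[0] if entry else None

def demo(nat):
    """Two LAN hosts dial one server; return where each reply is delivered."""
    server = "203.0.113.10"  # constructed addresses (documentation ranges)
    ids = [nat.outbound(h, server, 1) for h in ("192.168.1.10", "192.168.1.11")]
    return [nat.inbound(server, pptp_gre(i)) for i in ids]
```

`demo(PortlessNat())` delivers both replies to the first host, matching the one-tunnel-per-server symptom in the thread, while `demo(CallIdNat())` delivers each reply to its own host.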