 From:  Lonnie Abelbeck <lists at lonnie dot abelbeck dot com>
 To:  m0n0wall List <m0n0wall at lists dot m0n0 dot ch>
 Cc:  Michael Graves <mgraves at mstvp dot com>
 Subject:  Re: [m0n0wall] VPN tunnels
 Date:  Fri, 10 Apr 2009 09:44:57 -0500
On Apr 10, 2009, at 9:24 AM, Michael Graves wrote:

> On Thu, 9 Apr 2009 17:27:43 -0500, Lonnie Abelbeck wrote:
>
>>
>> On Apr 9, 2009, at 5:02 PM, Michael Graves wrote:
>>
>>> Sirs,
>>>
>>> I've used monowall for years. I recommended it to an associate but
>>> they've run into some trouble relating to VPN connectivity. With a
>>> little Linksys WRT series router they can sustain several PPTP VPN
>>> connections to our head office in the UK. With m0n0wall running they
>>> can only establish one VPN connection to each of our VPN servers.
>>>
>>> My experience in my home office reflects this as well. But since we
>>> have two VPN servers I can run two instances of Outlook by simply
>>> logging each PC into a different VPN server.
>>>
>>> I know that I could put up a persistent VPN tunnel between the UK and
>>> our router, but they'd rather not do that.
>>>
>>> How do I configure m0n0wall so that it will permit multiple inside PCs
>>> to establish VPN tunnels to a single far-end server?
>>>
>>> Many Thanks,
>>>
>>> Michael
>>
>> Michael,
>>
>> My guess is this is a NAT issue.
>>
>> PPTP uses the raw IP (GRE) for transport, and since it is not TCP/UDP
>> there is no 'port' to map from private to public and back again.  As
>> soon as the first PPTP outgoing is established, the second outgoing
>> will route all returning GRE to the first tunnel.
>>
>> One solution may be to have a separate static IP address (1:1 NAT) for
>> each private LAN user.
>>
>> The better solution is to use OpenVPN :-)
>>
>
> How would a little Linksys WRT handle this? And m0n0wall doesn't?
>
> I know that OpenVPN would be better, but I can't force any changes at the
> other end. I have to live with the VPN servers as they are for now.
>
> Michael

> How would a little Linksys WRT handle this? And m0n0wall doesn't?

Good question.  Possibly Linux has a 'smarter' NAT when dealing with GRE?

http://tldp.org/HOWTO/IP-Masquerade-HOWTO/vpns.html

Lonnie
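
An added illustration of the NAT behaviour discussed in this thread (not part of the original messages, and not m0n0wall or Linux code): PPTP's enhanced GRE header (RFC 2637) carries a 16-bit Call ID, which gives a NAT something port-like to key on. The class names, addresses and Call IDs below are constructed for the example, and outbound() stands in for whatever a real helper would learn from the TCP 1723 control channel.

```python
import struct

PPTP_GRE = 0x880B  # protocol type of PPTP's enhanced GRE (RFC 2637)

def build_gre(call_id, seq, payload):
    # K and S bits set, version 1; the Call ID is the low half of the key field.
    return struct.pack("!HHHHI", 0x3001, PPTP_GRE, len(payload), call_id, seq) + payload

def parse_call_id(packet):
    flags_ver, proto, _length, call_id = struct.unpack("!HHHH", packet[:8])
    if proto != PPTP_GRE or (flags_ver & 0x0007) != 1:
        raise ValueError("not PPTP enhanced GRE")
    return call_id

class NaiveNat:
    """Tracks GRE by far-end address only, as described in the thread."""
    def __init__(self):
        self.table = {}  # server_ip -> inside_ip
    def outbound(self, inside_ip, server_ip, call_id):
        self.table.setdefault(server_ip, inside_ip)  # first tunnel wins
        return call_id
    def inbound(self, server_ip, packet):
        return self.table.get(server_ip)

class CallIdNat:
    """Tracks GRE by (server, Call ID) and rewrites a colliding Call ID."""
    def __init__(self):
        self.table = {}  # (server_ip, public_call_id) -> inside_ip
        self.next_id = 1
    def outbound(self, inside_ip, server_ip, call_id):
        # Assumption: the Call ID was read from the client's control channel.
        while (server_ip, call_id) in self.table:
            call_id, self.next_id = self.next_id, self.next_id + 1
        self.table[(server_ip, call_id)] = inside_ip
        return call_id
    def inbound(self, server_ip, packet):
        return self.table.get((server_ip, parse_call_id(packet)))

def demo():
    server = "203.0.113.10"  # constructed addresses and Call IDs
    results = {}
    for nat in (NaiveNat(), CallIdNat()):
        # Two inside PCs open tunnels to the same server and both pick Call ID 7.
        ids = [nat.outbound(ip, server, 7) for ip in ("192.168.1.10", "192.168.1.11")]
        results[type(nat).__name__] = tuple(
            nat.inbound(server, build_gre(cid, 1, b"ppp")) for cid in ids)
    return results

if __name__ == "__main__":
    print(demo())
```

With the address-only table both returning GRE streams land on the first inside PC; keyed on Call ID, each stream reaches the PC that opened it.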