On Sun, 23 May 2004, Gianluca Bosco wrote:
> I have enabled the PPTP server on m0n0 1.0, and I'm experiencing a problem
> connecting from XP VPN clients behind a NAT/firewall over which I have no
> Specifically, from the VPN clients I'm able to establish a first connection,
> but when it comes to the authentication (user/password), XP reports a 619
> error, stating that " ... the port was disconnected ...".
> My feeling is that while the vpn clients can open a connection on 1723 to
> the m0n0 PPTP server, they cannot accept a second connection coming from the
> PPTP server itself, since the firewall is blocking it (GRE?).
> Is there any workaround for this problem?
The short answer is no. PPTP is one of the most NAT-unfriendly protocols
ever invented. I suspect some guys at Microsoft lay awake nights trying
to figure out how to outdo the NAT unfriendliness of active-mode FTP, and
they succeeded. :-)
*If* you have control of the NAT router, then the particular case where
you want *one* LAN client to work and don't care about incoming PPTP, then
it can be made to work via NAT redirection. Otherwise, forget it.
The only complete solution would be a smart PPTP propxy on the router.