 
 From:  "Fournaux Nicolas" <nfournaux at sopragroup dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Is a NAT on PPTP interface a taboo subject ?
 Date:  Thu, 12 Aug 2004 10:41:33 +0200
Hi.

If I could use NAT on the PPTP interface of Monowall, it would solve my problem, because the PPTP client will send packets to 192.168.1.1 and Monowall will forward them to 192.168.0.2.

That is why I want to enable NAT on my PPTP interface.

Is it possible with Monowall? It is an important feature, I think.


Bye and thanks.

Honor and Glory to Unix users.

-----Original Message-----
From: Dave Warren [mailto:maillist at devilsplayground dot net]


Subject: Re: [m0n0wall] Is a NAT on PPTP interface a taboo subject ?


Fournaux Nicolas wrote:

>Is a NAT on PPTP interface a taboo subject ?
>It is strange that I'm the only person who gets the problem.
>
>If your LAN is on 192.168.0.0/24 and if the LAN of the PPTP client is also on 192.168.0.0/24 (and this case is not rare), how can the PPTP client send packets to the remote LAN ?
>The workstation will send all packets to its LAN interface and not to the VPN :(
>
>Cya and thanks for any help.
>
>Sorry for this reply from myself :)
>  
>
Your only real option is to change the subnets on one or the other 
side.  IP was built with the assumption that *every* host has a unique 
IP and there are no provisions for cases where multiple machines are 
attempting to share IP space.

In Windows it MIGHT be possible to do this using route table entries, try

Assuming your "real" IP is 192.168.0.1 and the VPN IP you're assigned is 
192.168.0.2, if you want to communicate with host 192.168.0.10 on the 
VPN, try the following command:

route add 192.168.0.10 192.168.0.2

(Yes, this is routing a packet to yourself -- It tends to work though, 
in Windows anyway)

In general IP renumbering (especially of a home LAN) isn't usually too 
painful, especially when compared to dealing with similar IP blocks -- 
For most home LANs you just change the IP on their router and reboot all 
the IPs and you're done.

I'd recommend picking something relatively unique, 10/8 is good for this 
because the IP space is so huge (compared to 192.168/16), but you'll run 
into some networks that use subnet masks of 10/8 just because they can.  
Chances of colliding networks at 10.251.88/24 (or something equally 
random) are significantly lower than the often-used 192.168.0/8 or 
192.168.1/8

-- 
Just sit through this NRA meeting Marge, and if  you still
don't think guns are great then we'll argue some more.
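
Added example (not part of the original messages): a small Python model of longest-prefix route selection, showing why two identical /24s keep traffic on the local LAN, why the /32 host route from the `route add` command above is preferred, and why renumbering removes the conflict. The routing tables, the interface names `lan` and `vpn`, and the tie-break rule are constructed assumptions, not output from a real client.

```python
import ipaddress

def pick_route(table, dest):
    """Return the (network, interface) entry chosen for dest by
    longest-prefix match; on equal prefix length the earlier entry wins
    (an assumed stand-in for a lower route metric)."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for net, iface in table:
        network = ipaddress.ip_network(net)
        if addr in network:
            matches.append((network, iface))
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)

def conflicts(table):
    """List pairs of routes on different interfaces whose networks overlap
    with the same prefix length, i.e. neither one is more specific."""
    out = []
    for i, (a, ia) in enumerate(table):
        for b, ib in table[i + 1:]:
            na, nb = ipaddress.ip_network(a), ipaddress.ip_network(b)
            if ia != ib and na.overlaps(nb) and na.prefixlen == nb.prefixlen:
                out.append((a, ia, b, ib))
    return out

# Constructed tables; "lan" and "vpn" are hypothetical interface names.
SAME_SUBNET = [("192.168.0.0/24", "lan"), ("192.168.0.0/24", "vpn")]
# Effect of: route add 192.168.0.10 192.168.0.2 (a /32 host route)
WITH_HOST_ROUTE = SAME_SUBNET + [("192.168.0.10/32", "vpn")]
# Local LAN renumbered to the block suggested in the reply
RENUMBERED = [("10.251.88.0/24", "lan"), ("192.168.0.0/24", "vpn")]

if __name__ == "__main__":
    for name, table in [("same subnet", SAME_SUBNET),
                        ("with host route", WITH_HOST_ROUTE),
                        ("renumbered", RENUMBERED)]:
        net, iface = pick_route(table, "192.168.0.10")
        print(f"{name}: 192.168.0.10 -> {iface} via {net}; "
              f"conflicts={conflicts(table)}")
```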