[ previous ] [ next ] [ threads ]
 
 From:  Jon Tackabury <jtackabury at binaryfortress dot com>
 To:  Fournaux Nicolas <nfournaux at sopragroup dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Is a NAT on PPTP interface a taboo subject ?
 Date:  Thu, 12 Aug 2004 11:41:52 -0400 
Fournaux Nicolas wrote:

>Hi.
>
>If i could use NAT on my PPTP interface of Monowall it will solve my problem because the PPTP
client will send packets to
>192.168.1.1 and Monowall will forward them to 192.168.0.2.
>
>It is why i want to enable NAT on my PPTP interface.
>
>Is it possible with monowall ? it is an important feature i think.
>
>
>Bye and thanks.
>
>Honnor and Glory to unix users.
>
>-----Message d'origine-----
>De : Dave Warren [mailto:maillist at devilsplayground dot net]
>Envoyé : mercredi 11 août 2004 23:05
>À : Fournaux Nicolas; m0n0wall at lists dot m0n0 dot ch
>Objet : Re: [m0n0wall] Is a NAT on PPTP interface a taboo subject ?
>
>
>Fournaux Nicolas wrote:
>
>  
>
>>Is a NAT on PPTP interface a taboo subject ?
>>It is strange that i m the only people who gets the problem.
>>
>>If your LAN is on 192.168.0.0/24 and if the LAN of the PPTP client is also on 192.168.0.0/24 (and
this case if not rare) how can pptp client send packet to the remote LAN ?
>>The workstation will sent all packets to his LAN interface and not to VPN :(
>>
>>Cya and thanks for any help.
>>
>>Sorry for this reply from myself :)
>> 
>>
>>    
>>
>Your only real option is to change the subnets on one or the other 
>side.  IP was built with the assumption that *every* host has a unique 
>IP and there are no provisions for cases where multiple machines are 
>attempting to share IP space.
>
>In Windows it MIGHT be possible to do this using route table entries, try
>
>Assuming your "real" IP is 192.168.0.1 VPN IP you're assigned is 
>192.168.0.2, if you want to communicate with host 192.168.0.10 on the 
>VPN, try the following command:
>
>route add 192.168.0.10 192.168.0.2
>
>(Yes, this is routing a packet to yourself -- It tends to work though, 
>in Windows anyway)
>
>In general IP renumbering (especially of a home LAN) isn't usually too 
>painful, especially when compared to dealing with similar IP blocks -- 
>For most home LANs you just change the IP on their router and reboot all 
>the IPs and you're done.
>
>I'd recommend picking something relatively unique, 10/8 is good for this 
>because the IP space is so huge (compared to 192.168/16), but you'll run 
>into some networks that use subnet masks of 10/8 just because they can.  
>Chances of colliding networks at 10.251.88/24 (or something equally 
>random) is significantly lower then the often-used 192.168.0/8 ro 
>192.168.1/8
>
>  
>
I agree that this would be a great feature to have.  I am having the 
exact same problem with subnets.  I would like to avoid having to add 
routes on my pptp clients.

Thanks,
Jon