[pptp-server] PPTP and NAT?

Eric Stratte estradey at pullman.com
Thu Jul 20 00:49:53 CDT 2000 

Ronnie,

Cool, I'd love some help, I'll breakdown a bit more info on what is
setup and what I want to be able to do.

I have DSL, and a linux firewall/pptp server and my friend has DSL with
a Win98 ICS "firewall" and we also have several other friends with
either single computer DSL's or dialup's.  I have been using the PPTP to
allow everyong to be one the same LAN, for what else, but to play
games.  Here is a "diagram"

ME(192.168.5.2)   other internal computers 192.168.5/24  PPTP doles out
192.168.5.64/28
      |          /
/------------------\
| 192.168.5.1 eth0 |
| linux computer   |
| u.x.y.z (eth1)   |
\------------------/
      | (dsl)
      |
   ~internet~
      |
      |------------------other friends with dialups
      |
      |(dsl)
/-----------------\
| v.x.y.z nic1    |
|  win98 w/ICS    |
| 192.168.0.1 nic2|
\-----------------/
      |
 192.168.0/24  (his internal computers)

So we want ME, my "other internal computer", his win98 w/ICS, "other
friends with dialups", and all of "his internal computers" to have
adapters with 192.168.5/24 addresses so that games that require point to
point communication from to all computers can work.

I guess I have 2 problems, PPTP does not support multiple connections
with both having the same IP and the fact that ICS from winblows will
not work even if it did.

{I think the first thing he should do is setup a linux firewall, but for
that help I guess there is {alt.comp.os.linux.advocacy :)  I installed
rh6.1 a while back for him and he had a SCSI card go out at {the same
exact time, he holds some kind of linux grudge :P

Your message seems to indicate their is a way to make ICS work?  Can you
elaborate?

Additionally Stefan talked about how to make PPTP work with multiple
connections (same ip's) and I am curious about the john harding patch. 
I am also interested in what I could do to hack in or read more about
implementing PNS mode?  does this involve using different ports and/or
sockets?  I wish I knew more, there is so much cool stuff to learn about
:)

Thanks a bunch guys!

Eric

Stefan Strehle wrote:
>You have three options:
>-You install a linux fireall with support of masquerading pptp clients (john harding patch...)
>-You have two IP adresses for your server, and you have two different pptp
>instances running on these two interfaces. Therefore the GRE routing problem
>is fixed, because the two clients do not connect at the same IP adress
>anymore.
>-You wait until a proper PNS mode implementaion is applied in the pptp code.



Support wrote:
> 
> I have a similar setup, using a RH6.2 Linux box as the router/firewall. With
> the PPTP MASQ option, I can have all of the clients behind it (20 users)
> connect to the single IP address of our server. I have not had any problems
> with this.
> 
> If you need help with this configuration, let me know. I know for a fact
> that the NAT in ICS does not allow this to work proplerly, nor does the
> Ascend router NAT. Not sure about the CISCO router NAT.
> 
> Ronnie

More information about the pptp-server mailing list