[pptp-server] PPTP masquerade && MS non-compliance

Josh Howlett Josh.Howlett at bristol.ac.uk
Mon Jun 25 02:45:35 CDT 2001


On Fri, 22 Jun 2001, Jamin Collins wrote:
> Charlie Brady [mailto:charlieb at e-smith.com] wrote:
> > Perhaps you could explain. Supporting multiple concurrent masqueraded
> > connections to the same destination would add value to the 
> > users. Can it be done? Can it be done reliably?
> 
> First, what are good reasons to have multiple connections to the same
> destination?  Second, each connection has overhead associated with it, on
> both ends.  Thus, two client machines routed through a single VPN connection
> to a remote network have a better throughput to overhead ratio than both
> clients making their own connections.  As such it is better for the users to
> stick with the current capabilities and look into routing these two systems
> through a single connection.  

In my application of PPTP, there is no way of knowing _a priori_ what
PPTP server clients will want to start a session with.  I also expect to
be using dozens (at least) of PPTP servers, with clients connecting at
any one of dozens of possible locations; consequently, any scheme that
relies upon VPN tunnels between masquerading boxes scales very poorly
(I've tried...).

> Could multiple connections be done?  Certainly (MS has already done exactly
> this).  Can it be done reliably?  I would say yes.  But the true question
> is: Should we do this?  Until this is decided the others are irrelevant.

The answer is obvious: if it's useful to people, it should be
implemented.  I don't believe anything is gained by following a
specification to the letter simply for the sake of it.

If this can't (or won't) be implemented in poptop, I'll either have to
change to MS RAS or (more likely) IPSec. 

cheers, josh.





