[pptp-server] Multiple masqueraded clients
Pete Starzewski
pstarzew at gbp.com
Thu Aug 9 08:32:37 CDT 2001
>> All is well when a single PC uses its VPN connection. It is
>>also fine for a second user. But when either user closes
>> the connection, both connections drop.
>You shouldn't even be able to make the second connection at all.
Yes and no.... There is an initial tcp connect (I am assuming for the
login, initial connect and tunnel negotiation) and then the primary
connection for the tunnel itself is done with GRE which is more or less a
"raw" connection. Theoretically, under a specific set of conditions, you
could negotiate multiple connections over the TCP channel and even
negotiate multiple tunnels. Just don't try to actually use them.
>There has been some discussion about this. The PoPToP currently >follows the
>RFC which doesn't allow for multiple connections from one IP. Some >people
>want to violate the RFC for the sake of functionality. However I don't know
>of anyone actually working on something of this nature.
The RFC for pptp really doesn't have anything to do with it. The problem
stems from the use of GRE for the tunnel. If you eliminate GRE from pptp,
then you really have a brand new protocol. Rather than re-inventing the
wheel, might I suggest IP-SEC?
More information about the pptp-server
mailing list