[pptp-server] Multi VPN

Cowles, Steve Steve at SteveCowles.com
Thu Dec 13 13:07:07 CST 2001


> -----Original Message-----
> From: Steve Jorgensen [mailto:jorgens at coho.net]
> Sent: Thursday, December 13, 2001 11:57 AM
> To: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] Multi VPN
> 
> > On Thursday, December 13, 2001 9:05 AM, Cowles, Steve 
> > [SMTP:Steve at SteveCowles.com] wrote:
> >
> > As the other post states... what you are trying to 
> > accomplish cannot be done with the 2.4.x kernels.
> > Although.... it looks like John Hardin has updated
> > his website recently. If I understand the addition 
> > correctly, it looks like someone (Brian Kuschak) has
> > developed a patch for netfilter with regards to
> > pptp. What I'm uncertain of is whether it addresses
> > your problem. i.e. multiple IPs connecting to a
> > single server.
> >
> > Anyway, check out: 
> > http://www.impsec.org/linux/masquerade/ip_masq_vpn.html
> >
> > Specifically, the 2.4.x section. I would be interested in 
> > knowing if this patch addresses this problem.
> 
> I imagine it must - otherwise, a PPTP patch would have no 
> purpose with 2.4, would it?  2.4 handles GRE just fine if
> you don't need multiple clients from the same masqd LAN
> connecting to a single server, right?

That's my understanding of the current 2.4.x kernel/netfilter capabilities. A
single GRE tunnel (client) per IP. Not multiple clients.

I did have a chance to take a look at the referenced patch and it
specifically patches the ip_conntrack module among others. Makes sense.
Unfortunately, I will probably never be able to test this patch in a real
world environment. So for future reference, I would be interested in knowing
if this patch does address the multiple ip -> single capability on linux
firewalls and whether or not it's ready for a production environment. 

Steve Cowles
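
Added example (not part of the original message, and not the code of the patch discussed above): a small Python model of why a masquerading box that tracks GRE only by peer address cannot separate two LAN clients talking to the same PPTP server, and how keying on the Call ID in the enhanced GRE header (RFC 2637) disambiguates them. The class names, addresses and Call IDs are constructed for illustration; the thread does not say how the patch itself tracks calls.

```python
import struct

GRE_PROTO = 47  # IP protocol number for GRE

def gre_header(call_id, payload_len=0):
    """Constructed sample: enhanced GRE header (K and S set, version 1)."""
    return struct.pack("!BBHHHI", 0x30, 0x01, 0x880B, payload_len, call_id, 0)

def pptp_call_id(gre):
    """Extract the Call ID from an enhanced GRE header (RFC 2637)."""
    flags, ver, ptype, _plen, call_id = struct.unpack("!BBHHH", gre[:8])
    if not (flags & 0x20) or (ver & 0x07) != 1 or ptype != 0x880B:
        raise ValueError("not a PPTP enhanced GRE header")
    return call_id

class PlainGreNat:
    """GRE has no ports, so the only reverse-lookup key is the server address."""
    def __init__(self):
        self.table = {}

    def outbound(self, client, server):
        self.table[(server, GRE_PROTO)] = client  # second client overwrites first

    def inbound(self, server, gre):
        return self.table.get((server, GRE_PROTO))

class CallIdGreNat:
    """Hypothetical tracker keyed on (server, Call ID seen on the wire)."""
    def __init__(self):
        self.table = {}

    def register_call(self, client, server, call_id):
        # Call ID as learned from the client's control channel (TCP 1723).
        wire_id = call_id
        while (server, wire_id) in self.table:  # two clients chose the same ID
            wire_id = (wire_id + 1) & 0xFFFF    # remap so replies stay distinct
        self.table[(server, wire_id)] = (client, call_id)
        return wire_id

    def inbound(self, server, gre):
        # Returns (LAN client, the Call ID that client originally chose) or None.
        return self.table.get((server, pptp_call_id(gre)))
```

The remapping branch covers the case where both clients pick the same Call ID, which address-only tracking has no way to express at all.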


