[pptp-server] how to get natted/masqued client to use poptop

HVR hvrietsc at yahoo.com
Fri Nov 2 19:31:37 CST 2001


Kinzer, Don wrote:

> Your firewall needs to be aware of the PPTP protocol and have special
> support for it.
> 
> If you're using ipchains, the solution may be found here:
> http://bmrc.berkeley.edu/people/chaffee/linux_pptp.html.  I've been using
> the PPTP-only patch for the 2.2 kernel for a year or two.
> 


i have applied all those patches, because without those i couldn't even 
connect a single NAT/MASQed client. the issue is however that when i 
connect more than one client via the same NAT box then poptop will only 
assign one tunnel, and two clients talking via the same tunnel gets 
messy real fast.

i also did an ip alias on the eth0 where the pptpd is listening and if 
one client calls on one ip address and the other client on the other ip 
address then they both get a different tunnel and all is fine. so i know 
it is not my natting/masquerading that is the problem.

H.


> If you're using iptables, the solution is being worked on (i.e. being tested
> by some); search the iptables development list for more information.  I've
> been using it on a test firewall and it appears to work fine.
> 
> If you're using a commercial firewall, contact your vendor.
> 
>  -----Original Message-----
> From: 	HVR [mailto:hvrietsc at yahoo.com] 
> Sent:	02 Nov 2001 3:08 PM
> To:	pptp-server at lists.schulte.org
> Subject:	[pptp-server] how to get natted/masqued client to use poptop
> 
> i have multiple clients behind a linux box doing NAT/MASQ: the first 
> client can connect just fine but once i start a 2nd one it somehow uses 
> the same tunnel and things get really screwy.
> 
> i searched the archives and found the trick to use ip aliasing on the 
> pptpd server but then all the clients need to know which ip is free and 
> which is used. another problem is that i will have dozens of clients so 
> extra ips are not a scalable solution.
> 
> now i am aware that this will break the pptp standard, but i have been 
> told that the M$ implementation of pptp server will do this just fine 
> but i really would like to create a linux based solution (if only to show 
> them you do NOT need windows in here).
> 
> Any leads/pointers on how i can solve my problem, if need be i will hack 
> up the source code for pptpd, if someone can tell me where to start looking.
> 
> H.
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
> 
> 





