[pptp-server] Sanity Check -- NAT + VPN

Jordan Share iso9 at phantasticant.com
Thu Sep 6 14:27:03 CDT 2001


OIC.  I thought you were looking for a way to connect two subnets securely, which IPSec definitely is.

Since you only need to connect clients, then PPTP is probably the easiest thing (especially since you already have it working. :)  And you could share the PPTP connection if it comes down to it, I guess.  

I see PPTP and IPSec as having different applications/purposes, and I was confused as to what your application was.

Thanks,
Jordan

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Christopher
Kalos
Sent: Thursday, September 06, 2001 12:07 PM
To: Poptop Mailing List
Subject: RE: [pptp-server] Sanity Check -- NAT + VPN


	Well, I'm trying to stay as close to MS compliant as I can, since we can't
control every client that enters the VPN.  The less custom stuff that we
work with, the easier it is to help any people overseas with their
connection.  Adding another variable would be painful at this point.
	In addition, unless I see something horrendously wrong with Poptop, why
should I change the system?  As it stands, I've successfully managed to
enable MPPE support, and as far as Win2000/Win98 are concerned, they're
talking to a Windows VPN server.  Does FreeS/WAN really buy me so much that
I should be forced to fix that which isn't even entirely broken?
	I can share the VPN link, effectively running router-to-router VPN, but
there are reasons that we may prefer a client-server design at this point.
That's the only reason that I've asked, and I didn't really consider it an
entry point to any arguments over which VPN software is better.  If I wanted
to deal with that, I'd move onto mpd-netgraph and call it a day :-)

CK


-----Original Message-----
From: Jordan Share [mailto:iso9 at phantasticant.com]
Sent: Thursday, September 06, 2001 3:08 PM
To: Christopher Kalos; Poptop Mailing List
Subject: RE: [pptp-server] Sanity Check -- NAT + VPN


Why not use FreeS/WAN ?  http://www.freeswan.org/

It's the IPSec software for linux.  I found it to be relatively
straightforward to set up, and there is a lot of assistance available on the
mailing list.

I'm using PPTP for win2k clients to VPN into our LAN, and IPSec to connect
my home LAN with the office LAN, as well as connect the Office LAN to our
colocated LANs.

Everything works flawlessly (although I did have some problems at the
beginning with MTU size. :)

Jordan

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Christopher
Kalos
Sent: Thursday, September 06, 2001 9:22 AM
To: Poptop Mailing List
Subject: [pptp-server] Sanity Check -- NAT + VPN


	I've got a group of systems attempting to access our PoPToP VPN from a
remote location.  At this point, they're all sharing a single connection to
the outside world, so they're dealing with a NAT gateway.  I'm certain that
this can't be done, but I'd like to bounce it off of the list first.  Can
multiple clients connect from behind this NAT system to the VPN at the same
time?  If so, how would I go about setting that up?  I know that at the
moment, it fails miserably each time I try to get two users on, which I'll
chalk up to the GRE traffic.

Thanks in advance,
Christopher Kalos
Systems Administrator
Gotham Broadband
212.206.9620 x340

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --




More information about the pptp-server mailing list