[pptp-server] Thoughts and suggestions for a NAT situation

Chris Storer cstorer at infinitisystems.com
Thu Sep 13 14:29:27 CDT 2001


After briefly scanning the recent thread regarding NAT, I realized I might
just have a problem...

I've been playing with poptop in my office and it has been working great.
My boss now wants me to set up a poptop server at one of our clients,
replacing 2 MS PPTP servers.  Sounds great, right?

Not so great.  The client in question has multiple small, remote offices who
VPN in, then basically telnet into an AS/400.  Two of these remote sites
have DSL, the other 4-5 are on dialup connections.  *All* of them are behind
NAT!! (Yes, each individual client workstation initiates a PPTP connection
to our main office... it's somewhat ugly, but works well for the most part,
and is much less expensive than running "router-to-router" type VPNs
requiring endpoints at each location)

My understanding (please correct me if I am wrong!) is that MS's PPTP
implementation is actually "broken", allowing more than one connection from
an IP address - hence, all my NAT'ed users can all VPN in at the same time.

Obviously, (from the last NAT thread) this does NOT work with poptop.

Does anybody have any ideas or suggestions as to how I might implement an
open source solution in this situation?  Are there any other VPN
implementations that work well in a "road warrior" type environment, rather
than router to router? How hard would it be to "break" poptop into working
this way?  Please help!!

Thanks very much in advance for any insight!

Chris Storer
IT Consultant
Infiniti Systems Group, Inc
A Weatherhead 100 Company
www.infinitisystems.com
cstorer at infinitisystems.com



