[pptp-server] Thoughts and suggestions for a NAT situation

Allan Clark allanc at caldera.com
Thu Sep 13 15:29:14 CDT 2001


Chris;

From what I recall, you are correct that this NAT->poptop connection will
fail on poptop.  The proper PPTP functionality, supported by poptop, is
that the NAT node would have to aggregate the control connections for
each client into its one control connection between it and the
poptop/PPTP service node.

The only way to support this with poptop would be to break poptop, which
is not a purists' solution, but it would be one of "working everywhere
MS works".  I don't support using a single vendor as an acceptance case,
unless eliminating that vendor is one of the objectives.

...but then, I'm not coding any part of poptop... so take my comments
with reduced weighting.

I apologize that I have no solution for you, just confirmation.

Allan


Chris Storer wrote:
> 
> After briefly scanning the recent thread regarding NAT, I realized I might
> just have a problem...
> 
> I've been playing with poptop in my office and it has been working great.
> My boss now wants me to set up a poptop server at one of our clients,
> replacing 2 MS PPTP servers.  Sounds great, right?
> 
> Not so great.  The client in question has multiple small, remote offices who
> VPN in, then basically telnet into an AS/400.  Two of these remote sites
> have DSL, the other 4-5 are on dialup connections.  *All* of them are behind
> NAT!! (Yes, each individual client workstation initiates a PPTP connection
> to our main office... it's somewhat ugly, but works well for the most part,
> and is much less expensive than running "router-to-router" type VPNs
> requiring endpoints at each location)
> 
> My understanding (please correct me if I am wrong!) is that MS's PPTP
> implementation is actually "broken", allowing more than one connection from
> an IP address - hence, all my NAT'ed users can all VPN in at the same time.
> 
> Obviously, (from the last NAT thread) this does NOT work with poptop.
> 
> Does anybody have any ideas or suggestions as to how I might implement an
> open source solution in this situation?  Are there any other VPN
> implementations that work well in a "road warrior" type environment, rather
> than router to router? How hard would it be to "break" poptop into working
> this way?  Please help!!
> 
> Thanks very much in advance for any insight!
> 
> Chris Storer
> IT Consultant
> Infiniti Systems Group, Inc
> A Weatherhead 100 Company
> www.infinitisystems.com
> cstorer at infinitisystems.com


