[pptp-server] Thoughts and suggestions for a NAT situation

Chris j. Storer cstorer at infinitisystems.com
Thu Sep 13 21:09:42 CDT 2001


That's exactly what I mean - 1 IP address that is NATing a LAN - each client
on the LAN maintains a PPTP connection, through NAT on a Win2k server, or a
3com "lanmodem".

I have main office in Cleveland with an as400 and a t1.  7 small, remote
offices - 2 on dsl, the rest share dialup lines with 3com lanmodems, small
analog NAT routers.  Each individual client at the 7 remote sites initiates
a VPN session into Cleveland (1 Win2k VPN server, 1 WinNT VPN server...don't
ask), through NAT, and then telnet into the 400.  At one site I have 25
sessions running through one IP address.

MS PPTP, in this situation, works - I can have 20 separate connections NATed
from one IP.

PoPToP does not seem to handle this.  Once one client behind the NAT has a
PPTP connection, all other attempts to connect from behind the NAT fail.

-----Original Message-----
From: George Vieira
To: Chris j. Storer; pptp-server
Sent: 9/13/2001 6:28 PM
Subject: RE: [pptp-server] Thoughts and suggestions for a NAT situation

I'm not sure what you mean by "allowing more than one connection from an IP
address"... It's actually the opposite. You can't connect multiple tunnels
coming from the same IP unless it's 1 IP and NATing multiple machines..

Can you explain the NAT further and who is doing the NATing...

-----Original Message-----
From: Chris Storer [mailto:cstorer at infinitisystems.com]
Sent: Friday, September 14, 2001 5:29 AM
To: pptp-server
Subject: [pptp-server] Thoughts and suggestions for a NAT situation


After briefly scanning the recent thread regarding NAT, I realized I might
just have a problem...

I've been playing with poptop in my office and it has been working great.
My boss now wants me to set up a poptop server at one of our clients,
replacing 2 MS PPTP servers.  Sounds great, right?

Not so great.  The client in question has multiple small, remote offices who
VPN in, then basically telnet into an AS/400.  Two of these remote sites
have DSL, the other 4-5 are on dialup connections.  *All* of them are behind
NAT!! (Yes, each individual client workstation initiates a PPTP connection
to our main office..it's somewhat ugly, but works well for the most part,
and is much less expensive than running "router-to-router" type VPNs
requiring endpoints at each location)

My understanding (please correct me if I am wrong!) is that MS's PPTP
implementation is actually "broken", allowing more than one connection from
an IP address - hence, all my NAT'ed users can all VPN in at the same time.

Obviously, (from the last NAT thread) this does NOT work with poptop.

Does anybody have any ideas or suggestions as to how I might implement an
open source solution in this situation?  Are there any other VPN
implementations that work well in a "road warrior" type environment, rather
than router to router? How hard would it be to "break" poptop into working
this way?  Please help!!

Thanks very much in advance for any insight!

Chris Storer
IT Consultant
Infiniti Systems Group, Inc
A Weatherhead 100 Company
www.infinitisystems.com
cstorer at infinitisystems.com
