[pptp-server] Shifting ISPs - possible problem?

Gareth Marlow Gareth_Marlow at scientia.com
Tue Aug 27 11:28:18 CDT 2002


I have been running a PoPToP server for about 2.5 years now with no
problems. We have a class C network; the VPN server is on a DMZ behind a
multi-homed Debian 2.2 box running IP chains. All IP addresses are
publicly-routed; everything is cool.

Unfortunately, we are shortly to be moving to a new ISP which will
allocate us a tiny handful of IP addresses. I plan to keep the firewall
and Proxy-ARP the addresses of the servers on the DMZ. To complicate
matters, the ISP will be using static NAT (i.e. NOT masquerading). All of
my PPTP clients are direct dial-up to the 'net.

Are there likely to be any problems with this - both upstream with the ISP
doing the 1 to 1 NATing, and with me proxy-arping the VPN server? We often
have more than 1 simultaneous user (we have about 15 road warriors and the
high water mark for simultaneous connections is 6).

To summarise, the new config will be:

Road warrior -- Internet -- ISP -- (1 to 1 static NAT) -- ProxyARP IP
chains firewall -- PoPToP server

If anyone is running this kind of config (or even just part of it) it'd be
great to hear from you.

Gareth

-- 
Systems Manager, Scientia Ltd. and Fontal Ltd.




More information about the pptp-server mailing list