[pptp-server] Shifting ISPs - possible problem?

Gareth Marlow Gareth_Marlow at scientia.com
Tue Aug 27 11:28:18 CDT 2002

I have been running a PoPToP server for about 2.5 years now with no
problems. We have a class C network; the VPN server is on a DMZ behind a
multi-homed Debian 2.2 box running IP chains. All IP addresses are
publicly-routed; everything is cool.

Unfortunately, we are shortly to be moving to a new ISP which will
allocate us a tiny handful of IP addresses. I plan to keep the firewall
and Proxy-ARP the addresses of the servers on the DMZ. To complicate
matters, the ISP will be using static NAT (i.e. NOT masquerading). All of
my PPTP clients are direct dial-up to the 'net.

Are there likely to be any problems with this - both upstream with the ISP
doing the 1 to 1 NATing, and with me proxy-arping the VPN server? We often
have more than 1 simultaneous user (we have about 15 road warriors and the
high water mark for simultaneous connections is 6).

To summarise, the new config will be:

Road warrior -- Internet -- ISP -- (1 to 1 static NAT) -- ProxyARP IP
chains firewall -- PoPToP server

If anyone is running this kind of config (or even just part of it) it'd be
great to hear from you.


Systems Manager, Scientia Ltd. and Fontal Ltd.

More information about the pptp-server mailing list