tech-net archive


PPTP and PF NAT



I have a private network where two or more VPN clients need to
simultaneously connect with the same PPTP VPN concentrator on the web.
Between the clients and the wider Internet is my PF NAT firewall.  One
VPN client can connect, but a second client cannot.  The reason is that
PF NAT does not grok PPTP or GRE in general, so it cannot use the Call
ID field to distinguish the packets sent by the concentrator to one
client from packets sent to another client.

Is this problem familiar to anyone?  Is there any workaround, short of
patching my kernel to track PPTP sessions?  On the web, I've found out
that there are two patchsets for tracking PPTP sessions in PF, so I will
be trying those if no other solution shows up.

Dave

-- 
David Young             OJC Technologies
dyoung%ojctech.com@localhost      Urbana, IL * (217) 278-3933
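
The demultiplexing problem described in the message above, as an added example that is not part of the original post and not PF code: a parser for the Call ID in PPTP's enhanced GRE header (RFC 2637 layout), and a NAT lookup with and without it. The `nat_state` structure, the function names, the addresses and the packet bytes are all constructed for illustration, and the `call_id` values are assumed to have been learned from the PPTP control connection.

```c
#include <stddef.h>
#include <stdint.h>

/* Call ID from an enhanced GRE (version 1) header, RFC 2637 layout.
 * Returns 0..65535, or -1 if the bytes are not a PPTP GRE header. */
int pptp_gre_call_id(const uint8_t *p, size_t len)
{
    if (len < 8) return -1;                        /* fixed header is 8 bytes */
    if ((p[0] & 0xEF) != 0x20) return -1;          /* C=0 R=0 K=1 s=0 Recur=0; S may vary */
    if ((p[1] & 0x7F) != 0x01) return -1;          /* Flags=0 Ver=1; A may vary */
    if (((p[2] << 8) | p[3]) != 0x880B) return -1; /* protocol type: PPP */
    return (p[6] << 8) | p[7];                     /* low half of the key field */
}

/* Hypothetical NAT state entry; not PF's own structure. */
struct nat_state {
    uint32_t inside_ip;   /* private client address */
    uint32_t peer_ip;     /* VPN concentrator address */
    uint16_t call_id;     /* Call ID carried in GRE packets sent to this client */
};

/* Port-less lookup: GRE has no ports, so only the peer address can match.
 * Returns how many states an inbound packet from `peer` is consistent with. */
int states_matching_peer(const struct nat_state *t, size_t n, uint32_t peer)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += (t[i].peer_ip == peer);
    return hits;
}

/* Call-ID-aware lookup: returns the inside address, or 0 if none matches. */
uint32_t inside_for_packet(const struct nat_state *t, size_t n, uint32_t peer,
                           const uint8_t *gre, size_t len)
{
    int id = pptp_gre_call_id(gre, len);
    for (size_t i = 0; id >= 0 && i < n; i++)
        if (t[i].peer_ip == peer && t[i].call_id == id)
            return t[i].inside_ip;
    return 0;
}

/* Constructed sample data: two clients behind the NAT, one concentrator. */
const struct nat_state sample_states[2] = {
    { 0xC0A8010A, 0xCB00710A, 0x0011 },            /* 192.168.1.10 */
    { 0xC0A8010B, 0xCB00710A, 0x0022 },            /* 192.168.1.11 */
};
/* Constructed ack-only GRE packet from the concentrator, Call ID 0x0022. */
const uint8_t sample_gre[12] = { 0x20,0x81,0x88,0x0B, 0,0, 0x00,0x22, 0,0,0,1 };
```

With the address-only lookup the sample packet is consistent with both states; with the Call ID it resolves to one client. Two clients can still pick the same Call ID, which is why PPTP-aware NAT code also has to track, and if necessary rewrite, the Call IDs negotiated on the TCP port 1723 control connection.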

