PPTP and PF NAT

To: tech-net%netbsd.org@localhost
Subject: PPTP and PF NAT
From: David Young <dyoung%pobox.com@localhost>
Date: Tue, 11 Aug 2009 10:53:40 -0500

I have a private network where two or more VPN clients need to
simultaneously connect with the same PPTP VPN concentrator on the web.
Between the clients and the wider Internet is my PF NAT firewall.  One
VPN client can connect, but a second client cannot.  The reason is that
PF NAT does not grok PPTP or GRE in general, so it cannot use the Call
ID field to distinguish the packets sent by the concentrator to one
client from packets sent to another client.

Is this problem familiar to anyone?  Is there any workaround, short of
patching my kernel to track PPTP sessions?  On the web, I've found out
that there are two patchsets for tracking PPTP sessions in PF, so I will
be trying those if no other solution shows up.

Dave

-- 
David Young             OJC Technologies
dyoung%ojctech.com@localhost      Urbana, IL * (217) 278-3933

Follow-Ups:
- Re: PPTP and PF NAT
  - From: David Young
- Re: PPTP and PF NAT
  - From: Jordan Gordeev
- Re: PPTP and PF NAT
  - From: der Mouse

Prev by Date: Re: Two default routes?
Next by Date: Re: PPTP and PF NAT
Previous by Thread: Two default routes?
Next by Thread: Re: PPTP and PF NAT
Indexes:

Home | Main Index | Thread Index | Old Index