Date: Thu, 15 Jul 2004 11:38:44 +0900 (JST)
Message-Id: <20040715.113844.39154001.mshindo@mshindo.net>
To: mikej@rogers.com
From: Motonori Shindo
In-Reply-To: <3545.192.168.0.200.1089857749.squirrel@192.168.0.200>
cc: freebsd-net@freebsd.org
Subject: Re: PPTP VPN using MPD behind NAT help needed

Mike,

From: "Mike Jakubik"
Subject: Re: PPTP VPN using MPD behind NAT help needed
Date: Wed, 14 Jul 2004 22:15:49 -0400 (EDT)

> > This seems like a DSL router's problem. Because PPTP encapsulates PPP
> > using GRE, which is neither TCP nor UDP, routers sometimes cannot NAT
> > PPTP traffic. Some routers conquer this problem by simply "passing
> > through" GRE packets (and hence this feature is sometimes called "VPN
> > Pass Through") assuming there is only one PPTP client behind NAT. What
> > you are seeing is most likely this case.
> >
> > There are, however, routers with more intelligence in this regard,
> > which are capable of handling GRE over NAT with many clients. 'natd'
> > included in FreeBSD is one such "smart" NAT implementation.
>
> Thanks, but what has me concerned is the fact that one client can connect
> just fine. I believe they are using a WatchGuard Firebox as their firewall.

"One client works just fine but not two or more clients simultaneously"
is a typical symptom you'll see when a NAT device does simple "VPN Pass
Through".

> Another strange thing is that we have had a Windows 2003 server behind this
> D-Link router, and VPN worked with the Windows server. This is what led me
> to believe that it may be something else.

Do you mean you used Windows 2003 Server as a PPTP server or a PPTP
client? If you used it as a PPTP client, did it always work OK with
other PPTP clients simultaneously through that D-Link router?

Regards,
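
The difference between simple "VPN Pass Through" and a NAT that copes with many PPTP clients, as an added example (not part of the original message and not natd's code). It assumes the smarter NAT tells clients apart by the Call ID in PPTP's enhanced GRE header (RFC 2637), learned from the control connection on TCP 1723, and that the clients' Call IDs do not collide; the class names, addresses and packets are constructed.

```python
import struct

GRE_PPP = 0x880B  # protocol type of PPTP's enhanced GRE (RFC 2637)

def build_gre(call_id, seq=1, payload=b"\x00"):
    """Constructed sample packet: K and S bits set, version 1, 12-byte header."""
    return struct.pack("!HHHHI", 0x3001, GRE_PPP, len(payload), call_id, seq) + payload

def parse_call_id(pkt):
    """Return the Call ID of an enhanced GRE packet, or None if it is not one."""
    if len(pkt) < 8:
        return None
    flags, proto, _length, call_id = struct.unpack("!HHHH", pkt[:8])
    if proto != GRE_PPP or (flags & 0x0007) != 1 or not (flags & 0x2000):
        return None
    return call_id

class PassThroughNat:
    """Simplified model of "VPN Pass Through": GRE has no ports, so the NAT
    remembers a single inside host per remote server."""
    def __init__(self):
        self.owner = {}
    def outbound(self, inside_host, server):
        self.owner[server] = inside_host  # a second client overwrites the first
    def inbound(self, server, pkt):
        return self.owner.get(server)

class CallIdNat:
    """Hypothetical Call-ID-aware NAT: demultiplex on (server, Call ID)."""
    def __init__(self):
        self.calls = {}
    def learn(self, inside_host, server, client_call_id):
        # Assumption: learned by inspecting the PPTP control channel.
        self.calls[(server, client_call_id)] = inside_host
    def inbound(self, server, pkt):
        return self.calls.get((server, parse_call_id(pkt)))

def demo():
    server = "203.0.113.10"  # constructed addresses
    clients = {"192.168.0.11": 0x0101, "192.168.0.12": 0x0202}  # host -> Call ID
    simple, smart = PassThroughNat(), CallIdNat()
    for host, call_id in clients.items():
        simple.outbound(host, server)
        smart.learn(host, server, call_id)
    # Server-to-client packets carry the Call ID chosen by the client.
    replies = {host: build_gre(cid) for host, cid in clients.items()}
    return ({h: simple.inbound(server, p) for h, p in replies.items()},
            {h: smart.inbound(server, p) for h, p in replies.items()})
```

In the pass-through model both clients' replies are delivered to the host that connected last, which is the "one client works, two do not" symptom described above.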