Date:      Thu, 15 Jul 2004 14:12:30 +0900 (JST)
From:      Motonori Shindo <mshindo@mshindo.net>
To:        mikej@rogers.com
Cc:        freebsd-net@freebsd.org
Subject:   Re: PPTP VPN using MPD behind NAT help needed
Message-ID:  <20040715.141230.18312145.mshindo@mshindo.net>
In-Reply-To: <3665.192.168.0.200.1089862617.squirrel@192.168.0.200>
References:  <3545.192.168.0.200.1089857749.squirrel@192.168.0.200> <20040715.113844.39154001.mshindo@mshindo.net> <3665.192.168.0.200.1089862617.squirrel@192.168.0.200>

Mike,

I apologize. I should have read your description more carefully.

Looks like mpd is trying to send a ConfReq but it either didn't get
delivered to the peer, or the ConfAck as a response to the ConfReq didn't
come back for some reason.

This may be a timing issue of which party initiates LCP ConfReq first. I
guess one particular side may have to initiate ConfReq first so that
NAT works OK.

An mpd log for the successful case and a tcpdump capture (for both the
successful and unsuccessful cases) on the machine mpd is running on may
help with further investigation.

Regards,

From: "Mike Jakubik" <mikej@rogers.com>
Subject: Re: PPTP VPN using MPD behind NAT help needed
Date: Wed, 14 Jul 2004 23:36:57 -0400 (EDT)

> Motonori Shindo said:
> 
> >> > This seems like a DSL router's problem. Because PPTP encapsulates PPP
> >> > using GRE, which is neither TCP nor UDP, routers sometimes cannot NAT
> >> > PPTP traffic. Some routers conquer this problem by simply "passing
> >> > through" GRE packets (and hence this feature is sometimes called "VPN
> >> > Pass Through") assuming there is only one PPTP client behind NAT. What
> >> > you are seeing is most likely this case.
> >> >
> >> > There are, however, routers with more intelligence in this regard,
> >> > which are capable of handling GRE over NAT with many clients. 'natd'
> >> > included in FreeBSD is one such "smart" NAT implementation.
> >>
> >> Thanks, but what has me concerned is the fact that one client can connect
> >> just fine. I believe they are using a watchguard firebox as their firewall.
> >
> > "One client works just fine but not two or more clients
> > simultaneously" is a typical symptom you'll see when a NAT device does
> > simple "VPN Pass Through".
> 
> I never said simultaneously, I mean that only one of them can connect.
> They are not all connecting at once.
> 
> 
> >> Another strange thing is that we have had a Windows 2003 server behind this
> >> Dlink router, and VPN worked with the Windows server. This is what led me
> >> to believe that it may be something else.
> >
> > Do you mean you used Windows 2003 Server as a PPTP server or a PPTP
> > client? If you used it as a PPTP client, did it always work OK with
> > other PPTP clients simultaneously through that DLink router?
> >
> > Regards,
> 
> Yes, as a PPTP server. Also, we have no problems establishing more than
> one outgoing PPTP connection via this router.
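
The difference between simple GRE "pass through" and Call-ID-aware NAT described in the quoted explanation above, as an added Python sketch that is not part of the original messages and is not natd's or mpd's code. The class names, addresses and packets are constructed for illustration; the header layout is the enhanced GRE of RFC 2637.

```python
import struct

GRE_PROTO_PPP = 0x880B                       # protocol type of PPTP's enhanced GRE
K_BIT, S_BIT, VER_MASK = 0x2000, 0x1000, 0x0007

def build_gre(call_id, payload=b"", seq=None):
    """Build an enhanced GRE (version 1) packet; the key field carries the Call ID."""
    flags = K_BIT | 1
    tail = b"" if seq is None else struct.pack("!I", seq)
    if seq is not None:
        flags |= S_BIT                       # sequence number present
    return struct.pack("!HHHH", flags, GRE_PROTO_PPP, len(payload), call_id) + tail + payload

def parse_call_id(pkt):
    """Return the Call ID of a PPTP GRE packet, or None if it is not one."""
    if len(pkt) < 8:
        return None
    flags, proto, _length, call_id = struct.unpack("!HHHH", pkt[:8])
    if proto != GRE_PROTO_PPP or (flags & VER_MASK) != 1 or not flags & K_BIT:
        return None
    return call_id

class PassThroughNat:
    """'VPN Pass Through': one inside host is remembered for all GRE traffic."""
    def __init__(self):
        self.inside_host = None
    def outbound(self, inside_ip, server_ip, client_call_id):
        self.inside_host = inside_ip         # the most recent client replaces the previous one
    def inbound(self, server_ip, pkt):
        return self.inside_host if parse_call_id(pkt) is not None else None

class CallIdNat:
    """Keeps one mapping per (server, Call ID), learned from the TCP/1723 control channel."""
    # Simplification: a full implementation also rewrites colliding Call IDs.
    def __init__(self):
        self.sessions = {}
    def outbound(self, inside_ip, server_ip, client_call_id):
        self.sessions[(server_ip, client_call_id)] = inside_ip
    def inbound(self, server_ip, pkt):
        return self.sessions.get((server_ip, parse_call_id(pkt)))

def demo(nat):
    """Two inside clients use one server; return where each server reply is delivered."""
    server = "203.0.113.10"                  # constructed documentation address
    nat.outbound("192.168.0.11", server, 100)
    nat.outbound("192.168.0.12", server, 200)
    reply = b"\xff\x03\xc0\x21"              # constructed PPP payload (LCP protocol field)
    return [nat.inbound(server, build_gre(cid, reply, seq=1)) for cid in (100, 200)]
```

With PassThroughNat both replies are delivered to the second client, so the first session stalls; with CallIdNat each reply reaches the client that owns the Call ID.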




