From owner-freebsd-net@FreeBSD.ORG Thu Jul 15 05:12:34 2004
Date: Thu, 15 Jul 2004 14:12:30 +0900 (JST)
Message-Id: <20040715.141230.18312145.mshindo@mshindo.net>
To: mikej@rogers.com
From: Motonori Shindo
cc: freebsd-net@freebsd.org
Subject: Re: PPTP VPN using MPD behind NAT help needed

Mike,

I apologize. I should have read your description more carefully.

Looks like mpd is trying to send a ConfReq, but either it didn't get
delivered to the peer, or a ConfAck as a response to the ConfReq didn't
come back for some reason. This may be a timing issue of which party
initiates LCP ConfReq first. I guess one particular side may have to
initiate ConfReq first so that NAT works OK.

An mpd log for the successful case and a tcpdump capture (for both the
successful and unsuccessful cases) on the machine mpd is running on may
help with further investigation.

Regards,

From: "Mike Jakubik"
Subject: Re: PPTP VPN using MPD behind NAT help needed
Date: Wed, 14 Jul 2004 23:36:57 -0400 (EDT)

> Motonori Shindo said:
>
> >> > This seems like a DSL router's problem. Because PPTP encapsulates PPP
> >> > using GRE, which is neither TCP nor UDP, routers sometimes can not NAT
> >> > PPTP traffic. Some routers conquer this problem by simply "passing
> >> > through" GRE packets (and hence this feature is sometimes called "VPN
> >> > Pass Through") assuming there is only one PPTP client behind NAT. What
> >> > you are seeing is most likely this case.
> >> >
> >> > There are, however, routers with more intelligence in this regard,
> >> > which are capable of handling GRE over NAT with many clients. 'natd'
> >> > included in FreeBSD is one such "smart" NAT implementation.
> >>
> >> Thanks, but what has me concerned is the fact that one client can
> >> connect just fine. I believe they are using a watchguard firebox as
> >> their firewall.
> >
> > "One client works just fine but not two or more clients
> > simultaneously" is a typical symptom you'll see when a NAT device does
> > simple "VPN Pass Through".
>
> I never said simultaneously, I mean that only one of them can connect.
> They are not all connecting at once.
>
> >> Another strange thing is that we have had a Windows 2003 server behind
> >> this Dlink router, and VPN worked with the Windows server. This is what
> >> led me to believe that it may be something else.
> >
> > Do you mean you used Windows 2003 Server as a PPTP server or a PPTP
> > client? If you used it as a PPTP client, did it always work OK with
> > other PPTP clients simultaneously through that DLink router?
> >
> > Regards,
>
> Yes, as a PPTP server. Also, we have no problems establishing more than
> one outgoing PPTP connection via this router.
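
An added illustration of the "VPN Pass Through" limitation described in the quoted explanation above; it is not part of the original thread and is not natd's or any router's code. The thread does not say how a "smart" NAT tells sessions apart, so this sketch assumes it keys on the Call ID field of PPTP's enhanced GRE header (RFC 2637); the class names, addresses and Call IDs are constructed.

```python
import struct

GRE_PPTP_PROTO = 0x880B    # PPP payload in enhanced GRE (RFC 2637)
GRE_KEY_FLAG = 0x2000      # K bit: key field (payload length + Call ID) present
GRE_VERSION_MASK = 0x0007

def pptp_call_id(gre: bytes):
    """Return the Call ID of an enhanced-GRE (version 1) packet, else None."""
    if len(gre) < 8:
        return None
    flags, proto, _payload_len, call_id = struct.unpack("!HHHH", gre[:8])
    if (flags & GRE_VERSION_MASK) != 1 or proto != GRE_PPTP_PROTO:
        return None
    if not flags & GRE_KEY_FLAG:
        return None
    return call_id

class PassThroughNat:
    """Tracks GRE by remote address only: one inside host per PPTP server."""
    def __init__(self):
        self.by_server = {}
    def outbound(self, inside_ip, server_ip, call_id):
        self.by_server[server_ip] = inside_ip   # a later client overwrites the earlier one
    def inbound(self, server_ip, gre):
        return self.by_server.get(server_ip)

class CallIdNat:
    """Tracks GRE by (remote address, Call ID), so sessions stay separate."""
    def __init__(self):
        self.by_session = {}
    def outbound(self, inside_ip, server_ip, call_id):
        # A real NAT would learn the Call ID from the control channel (TCP 1723).
        self.by_session[(server_ip, call_id)] = inside_ip
    def inbound(self, server_ip, gre):
        return self.by_session.get((server_ip, pptp_call_id(gre)))

def gre_packet(call_id, payload=b"\xff\x03\xc0\x21"):
    """Build a constructed enhanced-GRE packet (payload: start of an LCP frame)."""
    header = struct.pack("!HHHH", GRE_KEY_FLAG | 1, GRE_PPTP_PROTO, len(payload), call_id)
    return header + payload

def demo(nat):
    """Two inside clients use one server; return where each reply is delivered."""
    server = "203.0.113.10"                     # constructed addresses
    nat.outbound("192.168.0.11", server, call_id=100)
    nat.outbound("192.168.0.12", server, call_id=200)
    return [nat.inbound(server, gre_packet(100)), nat.inbound(server, gre_packet(200))]
```

With `PassThroughNat`, both replies from the server are delivered to the client that sent last; with `CallIdNat`, each reply reaches the client that owns that Call ID. The model assumes the two clients chose different Call IDs.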