Re: pptp gre nat

["Crist J. Clark" <cjclark@reflexnet.net>]

On Fri, Jan 26, 2001 at 09:25:43AM -0800, perhaps you should poop wrote:
> | Niklas Hallqvist was heard saying ...
> > 
> > Seems strange, indeed.  Or hmm, maybe they know how to look inside the
> > GRE packet and use the inner data to get a more unique identifier?  It
> > is possible since GRE is just a header to look past.  I suggest you talk
> > to Darren Reed about this possibility, the author of ipf.
> 
> 	I am assuming his hoped for configuration is this?
> 
> 	[VPN CLIENT via PPTP] ====== [OBSD/NAT] ====== [WINNT RAS]
> 
> 			====== pptp tunnel
> 
> 
> 	I have been told you can get a mod for ip chains that will
> 	allow what he is trying to do. His problem is actually my problem also.
> 	I have struggled with this off and on for awhile now. I cannot imagine
> 	our sitations are unique, so if there are solutions out there please
> 	send to myself or post to the list.
> 
> 	I would be interested in seeing this developed into future versions of
> 	ipf.

natd(8) in FreeBSD handles multiple PPTP sessions. The primary code is
in lib/libalias/alias_pptp.c if anyone wants to see how it works.

However, IIRC, there is an issue with PPTP servers. They actually
cannot deal with multiple connections from the same IP. It is not a
GRE issue; they don't handle multiple incoming TCP connections on port
1723 from the same source IP. Again, IIRC.
-- 
Crist J. Clark                           cjclark@alum.mit.edu