On 2006/05/10 19:01, Bruno Carnazzi wrote:
> >In theory, so long as there is only one given client on the LAN connecting
> >to a given PPTP endpoint on the 'Net, I can handle it all using standard PF
> >syntax. My problem is that I have two clients on the LAN that wish to
> >connect to the same endpoint -- that, AFAIK, requires a proxy.
>
> That's my first question: why the need for a proxy for a network level
> protocol?

To tell multiple PPTP sessions with the same IP addresses apart, you need to look at the protocol's Control Channel ID in the payload, not the headers, of the packets. Some OSes do this relatively complicated work in NAT modules in the kernel (e.g. libalias in FreeBSD); OpenBSD does this type of thing in user-land (same thing with ftp-proxy, for example).
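
The demultiplexing described in the reply above, as an added example that is not part of the original post and is not pf, libalias or any proxy's code. It assumes the identifier in question is the Call ID of RFC 2637, sent in the Outgoing-Call-Request on the TCP 1723 control connection and repeated in the key field of each enhanced GRE packet; `PptpNat` and the helper names are hypothetical.

```python
import struct

PPTP_MAGIC = 0x1A2B3C4D      # magic cookie in every PPTP control message (RFC 2637)
OUT_CALL_REQUEST = 7         # Outgoing-Call-Request control message type
GRE_PPTP = 0x880B            # protocol type of PPTP's enhanced GRE

def request_call_id(tcp_payload):
    """Call ID of an Outgoing-Call-Request on TCP 1723, else None."""
    if len(tcp_payload) < 14:
        return None
    _len, msg, magic, ctrl, _rsv, call_id = struct.unpack("!HHIHHH", tcp_payload[:14])
    ok = msg == 1 and magic == PPTP_MAGIC and ctrl == OUT_CALL_REQUEST
    return call_id if ok else None

def gre_call_id(gre):
    """Call ID from the key field of an enhanced GRE header, else None."""
    if len(gre) < 8:
        return None
    flags, proto, _plen, call_id = struct.unpack("!HHHH", gre[:8])
    ok = proto == GRE_PPTP and (flags & 0x2007) == 0x2001   # K bit set, version 1
    return call_id if ok else None

class PptpNat:               # hypothetical NAT helper state for PPTP calls
    def __init__(self):
        self.calls = {}      # (server_ip, public_call_id) -> (client_ip, client_call_id)
        self.next_id = 1

    def outbound_control(self, client_ip, server_ip, tcp_payload):
        """Record a client's call; rewrite its Call ID if another client already uses it."""
        call_id = request_call_id(tcp_payload)
        if call_id is None:
            return tcp_payload
        public_id = call_id
        while (server_ip, public_id) in self.calls:
            public_id, self.next_id = self.next_id, self.next_id % 0xFFFF + 1
        self.calls[(server_ip, public_id)] = (client_ip, call_id)
        # Same length, so no TCP sequence fix-up; the checksum must still be recomputed.
        return tcp_payload[:12] + struct.pack("!H", public_id) + tcp_payload[14:]

    def inbound_gre(self, server_ip, gre):
        """Return (client_ip, GRE packet with the client's own Call ID) or None."""
        entry = self.calls.get((server_ip, gre_call_id(gre)))
        if entry is None:
            return None
        client_ip, call_id = entry
        return client_ip, gre[:6] + struct.pack("!H", call_id) + gre[8:]

def sample_request(call_id):  # constructed 168-byte Outgoing-Call-Request, other fields zeroed
    return struct.pack("!HHIHHH", 168, 1, PPTP_MAGIC, OUT_CALL_REQUEST, 0, call_id) + bytes(154)
```

A complete helper would also restore the client's original ID in the Peer's Call ID field of the server's Outgoing-Call-Reply.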

