Re: [WISPA] multiple PPPTP vpn clients behind NAT, tips?

2008-08-02 Thread Eric Rogers
In forums.mikrotik.com I found this...

http://forum.mikrotik.com/viewtopic.php?f=1t=21095p=107469hilit=nat+p
ptp+helper#p107469

It looks like there is an issue since 3.0 that they have removed IP
Helpers.  I will keep looking.

Eric


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of rabbtux rabbtux
Sent: Friday, August 01, 2008 10:51 PM
To: WISPA General List
Subject: Re: [WISPA] multiple PPPTP vpn clients behind NAT, tips?

Yes I have that enabled already.  In fact, on other MT systems that
carry
the backhaul (no firewall or nat) I also enabled this just to be safe.
Version 2.9.x has a helper for GRE and PPtP, version 3.x only has PPtP,
in
these firewall 'helpers'.  My border system is version 3.10.  I need to
make
progress on this issue, since a couple customers have gone into town to
other hotspots and have no trouble, so my network is to blame.

On Fri, Aug 1, 2008 at 7:23 PM, Eric Rogers
[EMAIL PROTECTED]wrote:

 In your Mikrotik Service Ports tab (under IP  Firewall), be sure
that
 PPtP is enabled.  That is your PPtP Helper to allow it to pass via the
 MT NAT.  Don't have a clue as to why you would need it unless it
allows
 other ports through (GRE or something).

 Eric Rogers
 Precision Data Solutions, LLC
 (317) 831-3000 x200


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On
 Behalf Of rabbtux rabbtux
 Sent: Friday, August 01, 2008 8:53 PM
 To: WISPA General List
 Subject: [WISPA] multiple PPPTP vpn clients behind NAT, tips?

 All,

 I have a fully routed network behind a MT border gateway that does nat
 for
 most residential customers.  Recently, I am hearing more rumblings
about
 customers with pptp VPNs having problems.  From what I undersand,
isn't
 PPPTP supposed to be NAT friendly??  Is there something inherent about
 it
 that would prevent multiple client connections from behind the same
nat?
 In
 our case, the customer has a home router (nat) and the border router
 connected to fiber also does nat.  All tips and network wisdom is
 appreciated!

 Thanks,
 Marshall




 
 WISPA Wants You! Join today!
 http://signup.wispa.org/


 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/






 WISPA Wants You! Join today!
 http://signup.wispa.org/





 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/





WISPA Wants You! Join today!
http://signup.wispa.org/


 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] multiple PPPTP vpn clients behind NAT, tips?

2008-08-02 Thread Eric Rogers
Actually,

They didn't remove the IP helpers, they are built in.  Try something for
me.  If you go to the IPFirewallService Ports page, disable (not
delete) the PPtP port and see if that makes a difference.  I had to
disable the SIP one to allow SIP via the NAT interface.

Let me know if it works.

Eric

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Eric Rogers
Sent: Saturday, August 02, 2008 8:56 AM
To: WISPA General List
Subject: Re: [WISPA] multiple PPPTP vpn clients behind NAT, tips?

In forums.mikrotik.com I found this...

http://forum.mikrotik.com/viewtopic.php?f=1t=21095p=107469hilit=nat+p
ptp+helper#p107469

It looks like there is an issue since 3.0 that they have removed IP
Helpers.  I will keep looking.

Eric


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of rabbtux rabbtux
Sent: Friday, August 01, 2008 10:51 PM
To: WISPA General List
Subject: Re: [WISPA] multiple PPPTP vpn clients behind NAT, tips?

Yes I have that enabled already.  In fact, on other MT systems that
carry
the backhaul (no firewall or nat) I also enabled this just to be safe.
Version 2.9.x has a helper for GRE and PPtP, version 3.x only has PPtP,
in
these firewall 'helpers'.  My border system is version 3.10.  I need to
make
progress on this issue, since a couple customers have gone into town to
other hotspots and have no trouble, so my network is to blame.

On Fri, Aug 1, 2008 at 7:23 PM, Eric Rogers
[EMAIL PROTECTED]wrote:

 In your Mikrotik Service Ports tab (under IP  Firewall), be sure
that
 PPtP is enabled.  That is your PPtP Helper to allow it to pass via the
 MT NAT.  Don't have a clue as to why you would need it unless it
allows
 other ports through (GRE or something).

 Eric Rogers
 Precision Data Solutions, LLC
 (317) 831-3000 x200


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On
 Behalf Of rabbtux rabbtux
 Sent: Friday, August 01, 2008 8:53 PM
 To: WISPA General List
 Subject: [WISPA] multiple PPPTP vpn clients behind NAT, tips?

 All,

 I have a fully routed network behind a MT border gateway that does nat
 for
 most residential customers.  Recently, I am hearing more rumblings
about
 customers with pptp VPNs having problems.  From what I undersand,
isn't
 PPPTP supposed to be NAT friendly??  Is there something inherent about
 it
 that would prevent multiple client connections from behind the same
nat?
 In
 our case, the customer has a home router (nat) and the border router
 connected to fiber also does nat.  All tips and network wisdom is
 appreciated!

 Thanks,
 Marshall




 
 WISPA Wants You! Join today!
 http://signup.wispa.org/


 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/






 WISPA Wants You! Join today!
 http://signup.wispa.org/





 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/





WISPA Wants You! Join today!
http://signup.wispa.org/


 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/




WISPA Wants You! Join today!
http://signup.wispa.org/


 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] multiple PPPTP vpn clients behind NAT, tips?

2008-08-01 Thread Eric Rogers
In your Mikrotik Service Ports tab (under IP  Firewall), be sure that
PPtP is enabled.  That is your PPtP Helper to allow it to pass via the
MT NAT.  Don't have a clue as to why you would need it unless it allows
other ports through (GRE or something).

Eric Rogers
Precision Data Solutions, LLC
(317) 831-3000 x200


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of rabbtux rabbtux
Sent: Friday, August 01, 2008 8:53 PM
To: WISPA General List
Subject: [WISPA] multiple PPPTP vpn clients behind NAT, tips?

All,

I have a fully routed network behind a MT border gateway that does nat
for
most residential customers.  Recently, I am hearing more rumblings about
customers with pptp VPNs having problems.  From what I undersand, isn't
PPPTP supposed to be NAT friendly??  Is there something inherent about
it
that would prevent multiple client connections from behind the same nat?
In
our case, the customer has a home router (nat) and the border router
connected to fiber also does nat.  All tips and network wisdom is
appreciated!

Thanks,
Marshall




WISPA Wants You! Join today!
http://signup.wispa.org/


 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] multiple PPPTP vpn clients behind NAT, tips?

2008-08-01 Thread rabbtux rabbtux
Yes I have that enabled already.  In fact, on other MT systems that carry
the backhaul (no firewall or nat) I also enabled this just to be safe.
Version 2.9.x has a helper for GRE and PPtP, version 3.x only has PPtP, in
these firewall 'helpers'.  My border system is version 3.10.  I need to make
progress on this issue, since a couple customers have gone into town to
other hotspots and have no trouble, so my network is to blame.

On Fri, Aug 1, 2008 at 7:23 PM, Eric Rogers [EMAIL PROTECTED]wrote:

 In your Mikrotik Service Ports tab (under IP  Firewall), be sure that
 PPtP is enabled.  That is your PPtP Helper to allow it to pass via the
 MT NAT.  Don't have a clue as to why you would need it unless it allows
 other ports through (GRE or something).

 Eric Rogers
 Precision Data Solutions, LLC
 (317) 831-3000 x200


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
 Behalf Of rabbtux rabbtux
 Sent: Friday, August 01, 2008 8:53 PM
 To: WISPA General List
 Subject: [WISPA] multiple PPPTP vpn clients behind NAT, tips?

 All,

 I have a fully routed network behind a MT border gateway that does nat
 for
 most residential customers.  Recently, I am hearing more rumblings about
 customers with pptp VPNs having problems.  From what I undersand, isn't
 PPPTP supposed to be NAT friendly??  Is there something inherent about
 it
 that would prevent multiple client connections from behind the same nat?
 In
 our case, the customer has a home router (nat) and the border router
 connected to fiber also does nat.  All tips and network wisdom is
 appreciated!

 Thanks,
 Marshall


 
 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/



 
 WISPA Wants You! Join today!
 http://signup.wispa.org/

 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/