On Wed, 7 Apr 2004, Peter Rundle wrote:
> Sluggers,
>
> Just need confirmation of my understanding of the limitations of VPN (pptp) and
> NAT'd networks.
>
> Linux Gateway to broadband (ADSL) masquerading for a bunch of windoze boxen. My
> understanding is that it's possible for one of the windoze boxes to establish a pptp
> tunnel out through the masquerade to a pptpd server out on the net (and I've done
> this on a few occasions).
>
> *But!* only one box can set up such a tunnel at any given time. This is because the
> pptpd server out on the internet needs to initiate a separate new tcp/ip session from
> the outside back in (for GRE?). The Linux iptables NAT is "smart enough" to be able to
> work out which PC this connection should be directed to because it matches it to the
> existing outbound tcp/ip session. However, if more than one outbound session exists
> there is no way to match it up. Is my understanding correct?
>
> Education much appreciated, and links to sites to bone up on pptpd VPNs etc. much
> appreciated.
>
What you say is correct in my experience. At least until there's an
iptables module for GRE much like ip_nat_ftp.o or ip_conntrack_ftp.o.
For the moment you'd have to establish the pptp connection from the
gateway. I don't know if you could have multiple pptp connections from the
gateway... and if so... maybe an SSL web page to allow setup of the pptp
connection (i.e. supply hostname, username, password).
--
---<GRiP>---
Electronic Hobbyist, Former Arcadia BBS nut, Occasional nudist,
Linux Guru, SLUG Secretary, AUUG and Linux Australia member, Sydney
Flashmobber, BMX rider, Walker, Raver & rave music lover, Big kid that
refuses to grow up. I'd make a good family pet, take me home today!
Do people actually read these things?
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
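The mechanism behind the thread is worth spelling out. PPTP (RFC 2637) is a TCP control channel on port 1723 plus a GRE stream (IP protocol 47) for the tunnelled PPP frames. GRE has no port numbers, so a port-based masquerade can only key inbound GRE on the server's IP, which is exactly why a second inside host talking to the same server is ambiguous. The "enhanced GRE" header that PPTP uses does carry a 16-bit Call ID negotiated on the control channel, and that is what a helper in the spirit of ip_conntrack_ftp does: it reads the Outgoing-Call-Request/Reply exchange, keys inbound GRE on (server, Call ID), and rewrites the Call ID when two inside hosts pick the same value. Below is an added Python model of that helper written for this page; it is not the kernel's ip_nat_pptp/ip_conntrack_pptp code, and the hosts, addresses, Call IDs and packets are constructed for the example. The message layouts follow RFC 2637.

```python
"""Model of the state a PPTP-aware NAT helper keeps so that several inside
hosts can run PPTP tunnels through one masquerading gateway at once.
Layouts follow RFC 2637 (control channel on TCP/1723, enhanced GRE for
data).  All hosts, addresses and Call IDs are constructed for the example;
this is an illustration, not the Linux ip_nat_pptp implementation.
"""
import struct

PPTP_MAGIC = 0x1A2B3C4D
OUT_CALL_REQUEST, OUT_CALL_REPLY = 7, 8
GRE_PROTO_PPP = 0x880B      # enhanced GRE protocol type for PPP payloads
CALL_ID_OFFSET = 12         # Call ID follows the 12-byte common header
PEER_ID_OFFSET = 14         # Peer's Call ID in an Outgoing-Call-Reply
GRE_CALL_ID_OFFSET = 6      # flags(1) ver(1) proto(2) len(2) then Call ID


def parse_control(msg):
    """Return (ctrl_type, call_id, peer_call_id) of a PPTP control message."""
    length, msg_type, magic, ctrl_type, _ = struct.unpack_from("!HHIHH", msg)
    if msg_type != 1 or magic != PPTP_MAGIC or length != len(msg):
        raise ValueError("not a PPTP control message")
    if ctrl_type == OUT_CALL_REQUEST:
        return ctrl_type, struct.unpack_from("!H", msg, CALL_ID_OFFSET)[0], None
    if ctrl_type == OUT_CALL_REPLY:
        call_id, peer_id = struct.unpack_from("!HH", msg, CALL_ID_OFFSET)
        return ctrl_type, call_id, peer_id
    return ctrl_type, None, None


def build_out_call_request(call_id):
    """Outgoing-Call-Request (168 bytes): the client proposes its Call ID."""
    body = struct.pack("!HHIIIIHHHH", call_id, 1, 300, 100_000_000, 3, 3,
                       64, 0, 0, 0) + b"\0" * 128     # phone number + subaddress
    return struct.pack("!HHIHH", 12 + len(body), 1, PPTP_MAGIC,
                       OUT_CALL_REQUEST, 0) + body


def build_out_call_reply(call_id, peer_call_id):
    """Outgoing-Call-Reply (32 bytes): server's Call ID plus the client's."""
    body = struct.pack("!HHBBHIHHI", call_id, peer_call_id, 1, 0, 0,
                       100_000_000, 64, 0, 0)
    return struct.pack("!HHIHH", 12 + len(body), 1, PPTP_MAGIC,
                       OUT_CALL_REPLY, 0) + body


def build_gre(call_id, seq, ppp):
    """Enhanced GRE: K=1 S=1, version 1, proto 0x880B, length, Call ID, seq."""
    return struct.pack("!BBHHHI", 0x30, 0x01, GRE_PROTO_PPP, len(ppp),
                       call_id, seq) + ppp


def parse_gre(pkt):
    """Return the Call ID of an enhanced-GRE packet (it names the receiver)."""
    flags, ver, proto, _, call_id = struct.unpack_from("!BBHHH", pkt)
    if not flags & 0x20 or ver & 0x07 != 1 or proto != GRE_PROTO_PPP:
        raise ValueError("not RFC 2637 enhanced GRE")
    return call_id


def _set_u16(buf, offset, value):
    return buf[:offset] + struct.pack("!H", value) + buf[offset + 2:]


class PptpNat:
    """Per-tunnel state keyed on (server, Call ID as the server sees it)."""

    def __init__(self):
        self.pending = {}          # (server, ext_id) -> (inside host, real ID)
        self.established = {}      # same key, once the server has replied
        self.next_ext_id = 0x8000  # pool for rewriting colliding Call IDs

    def outbound_control(self, client, server, msg):
        """Client -> server control message; may rewrite the Call ID."""
        ctrl, call_id, _ = parse_control(msg)
        if ctrl != OUT_CALL_REQUEST:
            return msg
        ext_id = call_id
        # Another inside host already uses this Call ID towards this server:
        # rewrite it so the server, and its GRE, can tell the two apart.
        if (server, ext_id) in self.pending or (server, ext_id) in self.established:
            ext_id, self.next_ext_id = self.next_ext_id, self.next_ext_id + 1
            msg = _set_u16(msg, CALL_ID_OFFSET, ext_id)
        self.pending[(server, ext_id)] = (client, call_id)
        return msg

    def inbound_control(self, server, msg):
        """Server -> client control message; returns (inside host, msg)."""
        ctrl, _, peer_id = parse_control(msg)
        if ctrl != OUT_CALL_REPLY:
            return None, msg       # ordinary TCP NAT state delivers the rest
        client, real_id = self.pending.pop((server, peer_id))
        self.established[(server, peer_id)] = (client, real_id)
        return client, _set_u16(msg, PEER_ID_OFFSET, real_id)  # undo rewrite

    def inbound_gre(self, server, pkt):
        """Server -> client GRE: choose the inside host by Call ID, restore it."""
        client, real_id = self.established[(server, parse_gre(pkt))]
        return client, _set_u16(pkt, GRE_CALL_ID_OFFSET, real_id)

    def inbound_gre_without_helper(self, server):
        """All a port-only NAT knows: every inside host with a tunnel to server."""
        return {c for (s, _), (c, _) in self.established.items() if s == server}
```

The last method is the situation the original poster describes: with two tunnels to the same server, a NAT that only tracks IP addresses has two equally valid destinations for every inbound GRE packet, whereas the helper resolves each one by Call ID and rewrites the ID back on the way in. A separate caveat for anyone reading this today: PPTP's own authentication and encryption (MS-CHAP and MPPE) are considered broken, so the NAT problem is the lesser of its issues.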