Date: Thu, 17 Jul 2003 13:34:45 -0700 (PDT)
From: Julian Elischer
To: Brett Glass
cc: net@freebsd.org
Subject: Re: NAT and PPTP
In-Reply-To: <200307171936.NAA03141@lariat.org>
List-Id: Networking and TCP/IP with FreeBSD

how is he doing pptp?

On Thu, 17 Jul 2003, Brett Glass wrote:

> FreeBSD makes a very good NAT router... for most applications.
> But a client of mine is having terrible trouble with it when
> trying to use NAT with one particular protocol: PPTP.
>
> Here's what's going on. A client has a FreeBSD box that's serving as a
> NAT router. He has one public IP, and lots of PCs behind the router on
> unregistered IPs. This works fine when they're doing browsing, etc., but
> fails horribly when users try to use PPTP to tunnel out into another LAN
> across the Internet.
>
> The problem appears to be that PPTP -- while it uses TCP for its control
> connection -- uses GRE to encapsulate an encrypted PPP session between the
> client and the server. GRE, like TCP and UDP, is in the IP protocol family and
> uses IP addressing. However, it doesn't use "ports," as IP and UDP do;
> instead, it has a different mechanism for identifying packets that belong to
> different sessions or connections, and the header fields that must be
> inspected vary depending upon the encapsulated protocol. FreeBSD's natd
> doesn't understand that mechanism, so it doesn't know how to route GRE packets
> from the outside world back to the correct client on the private LAN.
>
> Some NAT routers (including the DI-604 from D-Link; see
> http://www.dlink.com/products/?pid=62) are able to route PPTP's GRE packets
> correctly when multiple clients on the private LAN want to tunnel out, so it's
> obviously possible. Who is the current maintainer of FreeBSD's NAT code
> (including natd and the NAT libraries)? How difficult would it be to add
> PPTP support to them?
>
> --Brett Glass
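The session-identification mechanism Brett describes is the Call ID in PPTP's enhanced GRE header (RFC 2637), which stands in for a port. Below is an added example, not code from this thread or from natd/libalias: a parser for that header plus an inbound lookup against a hypothetical NAT call table, assuming the NAT already assigned each private client a distinct public Call ID when it rewrote the TCP control channel. The table entries, addresses and packet bytes are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PPTP_GRE_PROTO 0x880B   /* Protocol Type of PPP-in-GRE (RFC 2637) */

struct pptp_gre { int has_seq, has_ack; uint16_t payload_len, call_id; uint32_t seq, ack; };
/* Hypothetical NAT call-table entry: the Call ID the outside server was told,
 * and the private client (with its own chosen Call ID) that it belongs to. */
struct pptp_nat_entry { uint16_t public_cid, private_cid; uint32_t client_ip; };

static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse an enhanced-GRE header: C and R clear, K set, version 1, protocol
 * 0x880B, then Payload Length, Call ID and the optional seq/ack words.
 * Returns 0 on success, -1 for anything malformed, which a NAT should drop. */
int pptp_gre_parse(const uint8_t *p, size_t len, struct pptp_gre *g)
{
    if (len < 8) return -1;
    if ((p[0] & 0xC0) || !(p[0] & 0x20) || (p[1] & 0x07) != 1) return -1;
    if (((p[2] << 8) | p[3]) != PPTP_GRE_PROTO) return -1;
    memset(g, 0, sizeof *g);
    g->has_seq = (p[0] & 0x10) != 0;
    g->has_ack = (p[1] & 0x80) != 0;
    g->payload_len = (uint16_t)((p[4] << 8) | p[5]);
    g->call_id = (uint16_t)((p[6] << 8) | p[7]);  /* PPTP's substitute for a port */
    size_t off = 8;
    if (g->has_seq) { if (len < off + 4) return -1; g->seq = rd32(p + off); off += 4; }
    if (g->has_ack) { if (len < off + 4) return -1; g->ack = rd32(p + off); off += 4; }
    return (len - off == g->payload_len) ? 0 : -1;  /* payload excludes the header */
}

/* Inbound GRE from the server carries the Call ID the NAT handed out; map it back
 * to the private client and restore that client's own Call ID in the packet.
 * Returns the client's IPv4 address, or 0 if no known call matches (drop it). */
uint32_t pptp_nat_inbound(uint8_t *p, size_t len,
                          const struct pptp_nat_entry *tbl, size_t n)
{
    struct pptp_gre g;
    if (pptp_gre_parse(p, len, &g) != 0) return 0;
    for (size_t i = 0; i < n; i++) {
        if (tbl[i].public_cid != g.call_id) continue;
        p[6] = (uint8_t)(tbl[i].private_cid >> 8);
        p[7] = (uint8_t)(tbl[i].private_cid & 0xFF);
        return tbl[i].client_ip;
    }
    return 0;
}
```

Two private clients that both picked Call ID 1 would collide in the outbound direction, which is why the table keys on the NAT-assigned public Call ID; the outbound side (not shown) does the reverse rewrite.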