From owner-freebsd-isp@FreeBSD.ORG Sun Aug 13 18:14:38 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B1BAB16A4DD for ; Sun, 13 Aug 2006 18:14:38 +0000 (UTC) (envelope-from anderson@centtech.com) Received: from mh1.centtech.com (moat3.centtech.com [207.200.51.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B2DB43D45 for ; Sun, 13 Aug 2006 18:14:37 +0000 (GMT) (envelope-from anderson@centtech.com) Received: from [192.168.42.24] (andersonbox4.centtech.com [192.168.42.24]) by mh1.centtech.com (8.13.1/8.13.1) with ESMTP id k7DIEZws002857; Sun, 13 Aug 2006 13:14:36 -0500 (CDT) (envelope-from anderson@centtech.com) Message-ID: <44DF6C21.7080302@centtech.com> Date: Sun, 13 Aug 2006 13:14:57 -0500 From: Eric Anderson User-Agent: Thunderbird 1.5.0.5 (X11/20060802) MIME-Version: 1.0 To: Troy Settle References: <44DF3565.1060506@psknet.com> In-Reply-To: <44DF3565.1060506@psknet.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.87.1/1654/Sun Aug 13 06:42:22 2006 on mh1.centtech.com X-Virus-Status: Clean Cc: freebsd-isp@freebsd.org Subject: Re: VPN through NAT? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Aug 2006 18:14:38 -0000 On 08/13/06 09:21, Troy Settle wrote: > Probably not the best list to ask this on, but it's the closest that I'm > subscribed to... > > I have several customers who use VPN (Windows PPTP) to connect to their > Corporate networks. The first was sitting behind NAT on a FreeBSD > router. The PPTP did not work. I moved them out of NAT and onto a > regular IP, and it worked fine. I then swapped out the FreeBSD box with > a Cisco 2620 and again tried the PPTP via NAT, but still it wouldn't work. > > Another customer is behind a Cisco 804 and his PPTP also did not work > when his network was behind NAT, so I have to assign a static subnet for > him. > > From home, sitting behind NAT on my Netgear router, I can turn up PPTP > connections all day long. What gives with FreeBSD and Cisco's > implementation of NAT that PPTP doesn't want to work? > > Thanks, > I'm no expert on the subject, but I recall hitting this in the past and reading about passing GRE packets through, along with a couple of ports to forward to the VPN endpoint. Eric -- ------------------------------------------------------------------------ Eric Anderson Sr. Systems Administrator Centaur Technology Anything that works is better than anything that doesn't. ------------------------------------------------------------------------