From: Jeff at NorrisTechs
Organization: NorrisTechs.NET.COM
Date: Sun, 13 Aug 2006 18:28:33 -0600
To: Troy Settle
Cc: freebsd-isp@freebsd.org
Subject: Re: VPN through NAT?
Message-ID: <44DFC3B1.6010901@norristechs.net>
In-Reply-To: <44DF3565.1060506@psknet.com>

hmm, I assume you have TCP port 1723 forwarding from the internet/dmz to
the PPTP host? That should be enough for most PPTP-based VPN clients.
It can be difficult with IPSEC, as you have to forward UDP 500,
Protocol 50 and Protocol 51 to / from the VPN client from your NAT
router.

------------------------------------------------------------------------
Jeff Norris
~ Web Hosting ~ VPN Solutions ~ Network Management ~
Design, deploy, kick ass.
NorrisTechs dot net
http://www.norristechs.net
AOL IM or Yahoo IM: ntshelper

Troy Settle wrote:
> Probably not the best list to ask this on, but it's the closest that
> I'm subscribed to...
>
> I have several customers who use VPN (Windows PPTP) to connect to
> their Corporate networks. The first was sitting behind NAT on a
> FreeBSD router. The PPTP did not work. I moved them out of NAT and
> onto a regular IP, and it worked fine. I then swapped out the FreeBSD
> box with a Cisco 2620 and again tried the PPTP via NAT, but still it
> wouldn't work.
>
> Another customer is behind a Cisco 804 and his PPTP also did not work
> when his network was behind NAT, so I have to assign a static subnet
> for him.
>
> From home, sitting behind NAT on my Netgear router, I can turn up PPTP
> connections all day long. What gives with FreeBSD and Cisco's
> implementation of NAT that PPTP doesn't want to work?
>
> Thanks,
>
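
The forwards named in the reply above, written as a pf.conf fragment for a FreeBSD NAT router. This is an added example, not configuration from the thread: the interface name, the internal and peer addresses and the macro and table names are assumptions. The GRE rule is also an addition the reply does not mention; PPTP uses TCP 1723 only as its control channel and carries the tunnelled data over GRE (IP protocol 47).

```conf
# pf.conf fragment -- added example; every name and address is assumed.
ext_if     = "em0"             # assumed external interface
pptp_host  = "192.168.0.10"    # assumed internal PPTP server
ipsec_host = "192.168.0.20"    # assumed internal IPsec endpoint

# Constructed sample peer (documentation range). Limiting the source
# addresses keeps the forwards from being reachable by the whole internet.
table <vpn_peers> const { 203.0.113.10 }

# Translation rules must come before filter rules in pf.conf.
# "rdr pass" lets the redirected packets through without a separate
# pass rule, so the source restriction has to be on the rdr line itself.

# PPTP control channel: TCP 1723, as named in the reply.
rdr pass on $ext_if inet proto tcp from <vpn_peers> to ($ext_if) \
    port 1723 -> $pptp_host

# PPTP data channel: GRE, IP protocol 47 (not mentioned in the reply).
rdr pass on $ext_if inet proto gre from <vpn_peers> to ($ext_if) \
    -> $pptp_host

# IPsec as listed in the reply: IKE on UDP 500, ESP (protocol 50),
# AH (protocol 51).
rdr pass on $ext_if inet proto udp from <vpn_peers> to ($ext_if) \
    port 500 -> $ipsec_host
rdr pass on $ext_if inet proto esp from <vpn_peers> to ($ext_if) \
    -> $ipsec_host
rdr pass on $ext_if inet proto ah from <vpn_peers> to ($ext_if) \
    -> $ipsec_host
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches syntax errors before the rules go live.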