Date: Thu, 17 Jul 2003 13:34:45 -0700 (PDT)
From: Julian Elischer <julian@elischer.org>
To: Brett Glass <brett@lariat.org>
Cc: net@freebsd.org
Subject: Re: NAT and PPTP
Message-ID: <Pine.BSF.4.21.0307171334360.4588-100000@InterJet.elischer.org>
In-Reply-To: <200307171936.NAA03141@lariat.org>

how is he doing pptp?

On Thu, 17 Jul 2003, Brett Glass wrote:

> FreeBSD makes a very good NAT router... for most applications.
> But a client of mine is having terrible trouble with it when
> trying to use NAT with one particular protocol: PPTP.
>
> Here's what's going on. A client has a FreeBSD box that's serving as a
> NAT router. He has one public IP, and lots of PCs behind the router on
> unregistered IPs. This works fine when they're doing browsing, etc., but
> fails horribly when users try to use PPTP to tunnel out into another LAN
> across the Internet.
>
> The problem appears to be that PPTP -- while it uses TCP for its control
> connection -- uses GRE to encapsulate an encrypted PPP session between the
> client and the server. GRE, like TCP and UDP, is in the IP protocol family and
> uses IP addressing. However, it doesn't use "ports," as IP and UDP do;
> instead, it has a different mechanism for identifying packets that belong to
> different sessions or connections, and the header fields that must be
> inspected vary depending upon the encapsulated protocol. FreeBSD's natd
> doesn't understand that mechanism, so it doesn't know how to route GRE packets
> from the outside world back to the correct client on the private LAN.
>
> Some NAT routers (including the DI-604 from D-Link; see
> http://www.dlink.com/products/?pid=62) are able to route PPTP's GRE packets
> correctly when multiple clients on the private LAN want to tunnel out, so it's
> obviously possible. Who is the current maintainer of FreeBSD's NAT code
> (including natd and the NAT libraries)? How difficult would it be to add
> PPTP support to them?
>
> --Brett Glass
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
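
An added illustration of the session-identification point in the quoted message (not code from natd, the NAT libraries, or either poster): PPTP's enhanced GRE header (RFC 2637) carries a 16-bit Call ID in place of ports, which a NAT can combine with the remote address to choose the inside host. The `nat_entry` table, the function names and the sample packet are hypothetical and constructed for this example, and the table is assumed to be filled from the TCP control connection.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GRE_PROTO_PPP 0x880B            /* PPTP's enhanced GRE protocol type */

struct pptp_gre { uint16_t payload_len, call_id; size_t hdr_len; };
/* Hypothetical NAT state: one entry per tunnel (assumed learned from the control channel). */
struct nat_entry { uint32_t server_ip; uint16_t call_id; uint32_t inside_ip; };

/* Parse an enhanced GRE header; 0 on success, -1 if truncated or not PPTP GRE. */
int pptp_gre_parse(const uint8_t *p, size_t len, struct pptp_gre *out)
{
    if (len < 8) return -1;
    if (p[0] & 0xC0) return -1;                    /* C and R must be 0 */
    if (!(p[0] & 0x20)) return -1;                 /* K must be 1: key holds the Call ID */
    if ((p[1] & 0x07) != 1) return -1;             /* Ver must be 1 */
    if (((p[2] << 8) | p[3]) != GRE_PROTO_PPP) return -1;
    out->payload_len = (uint16_t)((p[4] << 8) | p[5]);
    out->call_id = (uint16_t)((p[6] << 8) | p[7]);
    /* S (sequence) and A (ack) each add an optional 4-byte field. */
    out->hdr_len = 8 + ((p[0] & 0x10) ? 4 : 0) + ((p[1] & 0x80) ? 4 : 0);
    if (len < out->hdr_len || len - out->hdr_len < out->payload_len) return -1;
    return 0;
}

/* Pick the private host for an inbound GRE packet; 0 means no matching tunnel. */
uint32_t pptp_nat_lookup(const struct nat_entry *tbl, size_t n, uint32_t src_ip,
                         const uint8_t *pkt, size_t len)
{
    struct pptp_gre g;
    if (pptp_gre_parse(pkt, len, &g) != 0) return 0;
    for (size_t i = 0; i < n; i++)
        if (tbl[i].server_ip == src_ip && tbl[i].call_id == g.call_id)
            return tbl[i].inside_ip;
    return 0;
}

/* Constructed sample: K=1 S=1 Ver=1, payload length 4, Call ID 0x0102, seq 1. */
const uint8_t sample_pkt[] = { 0x30, 0x01, 0x88, 0x0B, 0x00, 0x04, 0x01, 0x02,
                               0x00, 0x00, 0x00, 0x01, 0xFF, 0x03, 0xC0, 0x21 };

int main(void)
{
    struct nat_entry tbl[] = { { 0xCB007105u, 0x0101, 0xC0A8010Au },   /* constructed */
                               { 0xCB007105u, 0x0102, 0xC0A8010Bu } };
    uint32_t ip = pptp_nat_lookup(tbl, 2, 0xCB007105u, sample_pkt, sizeof sample_pkt);
    printf("deliver to %u.%u.%u.%u\n", ip >> 24, (ip >> 16) & 255, (ip >> 8) & 255, ip & 255);
    return 0;
}
```

Two inside clients that pick the same Call ID toward the same server would collide in this table; the example does not handle that case.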