This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Outbound PPTP Connection Problem...

I've got a weird problem with outbound  PPTP connection. We're using an internal range of workstations, NATing through an Astaro 3.2xx firewall to a Windows 2000 VPN server at another site.

If I try to start a PPTP connection from one of the Windows XP workstations on my internal network, it will attempt to connect and eventually fail with a 721  error. On the other hand, if I start a second PPTP connection from a different Windows XP workstation while the first workstation is still trying to connect, the second  workstation will succeed in connecting every time.

The fact that the second will connect under weird conditions makes me think it's not a packet filter problem. The weird part is that the packet filter live will show incoming GRE packets being denied when I'm trying to connect just one PC. I've got rules permitting all outbound traffic of all types from the internal network and there are also rules permitting GRE and PPTP from the outside VPN server.

Any ideas?

Grendel...

This thread was automatically locked due to age.

0 gnujuba over 22 years ago

hi grendel,

afaik you can not nat pptp connections. it will work for 1 connection.
a gre packet has no ports so there is no way to determine from which client the connection came from (on the way back).

look in the connection table of your asl. or if you trace the traffic (tcpdump) you will see that the traffic will always go back to the client who connected first.

i think there is a kernel-/netfilter-patch available for nating pptp/gre traffic but i dont konw if it is included in asl.

???
gnjb
Cancel
Vote Up 0 Vote Down

Cancel