On 2007/11/22 14:04, Henning Brauer wrote: > * Reyk Floeter <[EMAIL PROTECTED]> [2007-11-22 13:11]: > > On Tue, Nov 20, 2007 at 08:06:39PM +0530, Girish Venkatachalam wrote: > > > pf(4) can do this. I have a diff with me but if I send it in the present > > > state, then Theo will catch my neck. :) > > > > > > I should be able to submit a diff soon. I need to modify it to meet the > > > high standards of OpenBSD... > > > > > > > i'm sure that somebody told you about the reason to reject these patches: > > > > it does not belong into the kernel! > > well. depends. if it is reasonably small and obvious it might be ok.
it must look at the control message on TCP/1723 and translate CallID; then it must look at the session packets (GRE/proto 47) and translate CallID the same way. the parts handling control messages probably belong in userland and they can add translation rules to an anchor like ftp-proxy does, but that would need a change to PF so that you can tell it to translate CallID for GRE packets (like you can tell it to translate port for TCP/UDP). http://blogs.isaserver.org/pouseele/2007/06/17/multiple-pptp-vpn-clients-behind-a-nat-device/
