My initial thoughts were that it could be an issue with static versus dynamic NAT, if only one connection is established there is a 1:1 relationship and no extended translation is required. If a second is established a many-to-one/dynamic translation is required and I was thinking the associated GRE traffic might be mismatched and then dropped.
----- PS you might find it of interest to read up on NAT Traversal - its used to solve the issue you describe above. Cheers, Mark On 5 Jan 2012, at 15:56, "Stewart MacDonald" <stew...@macdonald.com> wrote: > Happy 2012! > > We have Packetfence in the office and love it, but we're experiencing one > (minor) quirk and I am wondering whether anybody else has experienced it or > sees the same thing. > > We have a remote location which uses PPTP -- a little weak, I know -- for > mobile user vpn access. The PPTP service is reliable and works as expected, > here is the quirk: > > If we establish one concurrent vpn connection we don't encounter any issues, > the user can authenticate and connect with no issues. If we establish a > second, though, it initiates a connection but never authenticates. If we run > the same test from in front Packetfence there are no issues. The logs do not > show any errors. > > My initial thoughts were that it could be an issue with static versus dynamic > NAT, if only one connection is established there is a 1:1 relationship and no > extended translation is required. If a second is established a > many-to-one/dynamic translation is required and I was thinking the associated > GRE traffic might be mismatched and then dropped. > > Has anyone seen anything similar? At the end of the day we're hoping to get > rid of PPTP entirely but hold on to it for a handful of legacy users which > have XP. We also support a few clients which supply PPTP accounts to our > technical support staff. > > Warm regards, > Stewart > ------------------------------------------------------------------------------ > Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex > infrastructure or vast IT resources to deliver seamless, secure access to > virtual desktops. With this all-in-one solution, easily deploy virtual > desktops for less than the cost of PCs and save 60% on VDI infrastructure > costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox > _______________________________________________ > Packetfence-users mailing list > Packetfence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users Nuffield College is a Registered Charity No. 1137506. Registered Office: Nuffield College, New Road, Oxford, OX1 1NF ------------------------------------------------------------------------------ Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox _______________________________________________ Packetfence-users mailing list Packetfence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
