Hi Stewart, Any findings based on Mark's comments? Maybe there's an optional iptables pptp connection tracking module that could help?
Quick googling reveals[1]: a) # modprobe ip_nat_pptp or b) http://www.mgix.com/pptpproxy/ If you get this to work and would be willing to provide a FAQ entry to set this up we would really appreciate it! > > We have Packetfence in the office and love it, but we're experiencing > one (minor) quirk and I am wondering whether anybody else has > experienced it or sees the same thing. > > We have a remote location which uses PPTP -- a little weak, I know -- > for mobile user vpn access. The PPTP service is reliable and works as > expected, here is the quirk: > > If we establish one concurrent vpn connection we don't encounter any > issues, the user can authenticate and connect with no issues. If we > establish a second, though, it initiates a connection but never > authenticates. If we run the same test from in front Packetfence there > are no issues. The logs do not show any errors. > > My initial thoughts were that it could be an issue with static versus > dynamic NAT, if only one connection is established there is a 1:1 > relationship and no extended translation is required. If a second is > established a many-to-one/dynamic translation is required and I was > thinking the associated GRE traffic might be mismatched and then dropped. > > Has anyone seen anything similar? At the end of the day we're hoping to > get rid of PPTP entirely but hold on to it for a handful of legacy users > which have XP. We also support a few clients which supply PPTP accounts > to our technical support staff. > Cheers! [1] http://www.linuxquestions.org/questions/linux-networking-3/port-forward-gre-and-pptp-using-iptables-210334/ -- Olivier Bilodeau obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev _______________________________________________ Packetfence-users mailing list Packetfence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
