Hi Denis, Thanks a lot for testing!
> 1st scheme: > Machine A (inside VPP with 1:1 static mapping) running PPTP _server_. > Machine B (outside VPP with 1:1 iptables static mapping) running PPTP client. > This scheme works well. Splendid. > 2st scheme: > Machine A (inside VPP with 1:1 static mapping) running PPTP _client_. > Machine B (outside VPP with public ip) as hardware PPTP server. This scheme > works well. But only one session allowed. If we are create second connection > from Machine A to Machine C (outside VPP with public ip) this will not work. > OFC this is not required. Hmm... that seems like a bug. Let's see if we can reproduce. The NAT session entry is indexed on the outside by SA, DA and IP protocol so this should have worked. > 3st scheme: > Machine A (inside VPP with 1:1 static mapping) running PPTP _server_. > Machine B (inside VPP with 1:1 static mapping) running PPTP _client_. > Maching B cannot connect to Machine A. This may cover hairpin nat issue. > OFC this machines can doing connection via local addressing and it will be > work. Same here. This should work. Let's figure this one out too. > BTW, we are not testing yet technology when we SNAT two pptp clients in > iptables mechanism (and those clients snatt (-ing) with one public address). Best regards, Ole
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev