Topic: PPTP - Multiple Client Problem

[Paul F]

I am having a very frustrating PPTP problem.

I cannot connect multiple PPTP clients that are behind a (cheapo) router/gateway to the server. I have tried several routers including a 3COM unit that documents support for up to 8 PPTP clients. 3COM used the same device to connect multiple PPTP clients to one of their hardware PPTP servers without any problem.

Summary
-------------

What I can do is:

a) Connect multiple PPTP clients from behind another E-Smith Gateway.

b) Connect multiple PPTP clients from different IP's

What I cannot do is:

a) Connect multiple PPTP clients from behind a hardware router/gateway that is supposed to support this. After the first connection, the server does not send back any CHAP auth.

*** The clients are W9X/W2K systems.


Thanks for any support!

[Bill Talcott]

I've always been under the impression that you needed separate public IPs for each PPTP connection. In other words, clients behind a shared connection had to connect to multiple IPs on the server, or each client had to have a public IP to connect to the server's one IP. But if you can connect multiple clients from behind an SME, I guess that throws my theory out the window...

Since it works with sharing the connection a different way (the SME), it sounds like it's a problem with the router configuration. Is there an option somewhere to turn PPTP NAT on and off maybe?

[Paul F]

Thanks. Unfortunately not. There is really nothingh to configure on the router just making sure PPTP is not disabled.

I used 3COM's configuration file anyway to double check and the problem remains. One PPTP client only to my server, but multiple to their HW server is fine.

[Rob Wellesley]

Bill Talcott wrote:
>
> I've always been under the impression that you needed
> separate public IPs for each PPTP connection.

Yep - if you have two clients accessing a remote SME on pptp and both those clients are accessing the internet thru a NATed gateway, then SME sees that they are both from the same IP (the external IP of the NATed gateway) and will only allow one connection.

i.e.
client=192.168.1.3

Lan Gateway=192.168.1.1
NAT
Ext Gateway=210.86.3.x


PPTP server sees client as 210.86.3.x

So another client from the samr lan cannot connect simultaneously

rob

[Paul F]

Thanks for the info.

I still am not getting why it works from clients that are behind another SME Gateway though? These clients are also behind NAT are they not?

[Bill Talcott]

Paul F wrote:
>
> Thanks for the info.
>
> I still am not getting why it works from clients that are
> behind another SME Gateway though? These clients are also
> behind NAT are they not?

Yeah, Rob, that's what I thought. But Paul said that NAT-ed clients behind one SME could VPN to another SME, which shouldn't be possible...

[Kelvin]

>Yeah, Rob, that's what I thought. But Paul said that NAT-ed clients behind one
> SME could VPN to another SME, which shouldn't be possible...

It shouldn't, normally. Otherwise, all known info about how the PPTP system works goes out the window.

Rob's explanation is correct. Paul's setup and use probably needs further clarification before we can understand what he's attempting (and is able or not able to do).

For multiple workstations behind one SME server to "VPN" to another server to make use of it's services (or access data, etc.) you could setup either an IPSec tunnel or if the receiving end only accepts PPTP connections (eg. an SME server without the IPSec Add-ons), you could install a PPTP client onto the client-side SME server and have it establish a VPN connection to the remote server. The workstations should then be able to connect to the remote server (without needing to individually VPN to it).

Kelvin

[Paul F]

Appologies are in order here.

I discovered that while I can establish the PPTP client connections and the authentication passes (unlike when I tried to use the 3COM hardware gateway) I cannot do anything (ping, browse etc.) after about 25 seconds!

So my testing was not thourough.

Thanks for your replies, I will be imlementing either IPSEC or PPTP client.