Topic: Is enable PPTP Call ID masquerade in KERNEL?

[Luis]

I am try obtain 2 simultaneous PPtP connection to the same remote PPtP Server (e-smith).

My 2 clients have using other e-smith (local) like default gateway to internet.

I lost connection (checked by ping command) to remote server later i make 2 pptp connection from w2k clients.

i cant make pptp connection and obtain differents ip for each, but i lost routing of packet to remote server.

Any body cant help me?..

This is a limitation of pptp protocols ?

I read from VPN-Masquerade-HOWTO

----------------
2.7 Can several clients on my local network use PPTP simultaneously?
Yes.

You must enable PPTP Call ID masquerade when configuring your kernel in order to distinguish between multiple data streams from the same server. PPTP masq with Call ID masq enabled will support many concurrent masqueraded sessions with no restrictions on which server a client can call.

----------------


Thanks in advance an sorry by my english.

Luis

[Bill Talcott]

Luis wrote:
>
> I read from VPN-Masquerade-HOWTO
>
> ----------------
> 2.7 Can several clients on my local network use PPTP
> simultaneously?
> Yes.
>
> You must enable PPTP Call ID masquerade when configuring your
> kernel in order to distinguish between multiple data streams
> from the same server. PPTP masq with Call ID masq enabled
> will support many concurrent masqueraded sessions with no
> restrictions on which server a client can call.
>
> ----------------

Don't crosspost, as it just splits up your answers.

PPTP masq is at the client end, not at the SME end. You'd need to enable it on the "other" gateway, so that the multiple PPTP clients behind it have their connections masqed.

[Luis]

Sorry by Cross Post, my situation is this

client 1----->>-!
                     ----->>!---- SME 01 -->>>-- INTERNET---->>> SME 02 PPTP SERVER
client 2----->>-!


I  obtain 2 pptp connection from client1 & 2 to SME02 but, next make a second conection, both the first and second conection made inoperability

My question is.. SME 01 need enable PPtp Call ID for support multiples clients to SME 02?

Is PPtP Call ID masquared enable in SME 5.5 U2 kernel ?

THANK!!...

Luis

[Bill Talcott]

I thought you meant you were using other software like SME at the other end...

If you want to connect two SME-LANs, look at the FreeS/WAN IPSec HowTo. This will create a tunnel between the two SMEs, allowing both LANs to be connected. Then the clients don't have to do anything...

[Luis]

YES!.. the diagram is my "test enviroment", in the "production real remote server" the other extreme (SME 02 in my test configuration) is a Network Service Provider for specific aplication.

I have not control about what happen in the "real remote server" but i need make a pptp conection from any client in  my land to remote server "simultaneous".

Any solutions ?... any patch for SME 5.5 U2 ?

Other Alternative?.. Distributions ?.. Hardware Solution?..

THANKS!!!

[ryan]

Luis,

I have experienced the problem you describe using the Microsoft PPTP client.  I found that SME since 5.0 will not hold multiple PPTP connections to another SME server.  If you must have this, do as Bill suggested and use FreeSwan.  

Another option you might test is using e-smith 4.1.2 server.  I was able to do multiple PPTP connections with 4.1.2 prior to upgrading to 5.0.  

Note I am refering to the Windows VPN (PPTP) client, not a IPSEC VPN client such as Extranet.  

ryan

[Boris]

I think the problem is with protocol itself. You SME 02 server accepts two connection from the same source (SME 01) and can not differentiate two sessions. If they would come from different networks it would be two different source IPs.Masq modules makes possible to connect multiple outbound sessions to different servers and track those sessions and this doesn't help in you situation. You real solution is permanent IPSec tunel between the servers and transperent for internal clients.

[Kelvin]

Before I got to playing with Freeswan in the past, I have managed to get multiple workstations behind a SME 5.1.2 server to connect to a MS PPTP server (as the company with MS end does not and will not support IPSec, at least in the forseeable future). The answer then was to get SME to be the PPTP client, and not the workstations themselves (hence, only one PPTP connection is being made). This was accomplished by installing the Linux PPTP client module into SME and configuring it to talk to the MS PPTP server at the other end. The workstations behind SME connects to internet as normal and has access to the remote network as well.

Kelvin

[Jim Huneycutt]

Kelvin,
Your solution sounds interesting. Do you have a howto or any links you could share? I have a similar problem.
Thanks,
jim

[iwan]

for alternative suggestion,  if what's needed is just a router to act as a pptp client, you might want to check out mikrotik.  the free license of mikrotik should be sufficient enough to meet your need.