Topic: Multiple Client PPTP Connections

[Alan Lawrence]

I am using SME 5.5 and have set it up to use PPTP, alowing 5 users to connect.
All works fine when trying to connect from muliple locations, as long as they all have different public ip addresses. Can have up to 5 people connected at any one time.
The problem is when trying to connect 2 clients from behind a cisco router running NAT. The error in the log on the SME server is 'Discarding out-of-order packet ....'.
Any one of these 2 clients connect on their own OK, just a problem when both trying to connect at the same time.
So is this a problem with using NAT, or a misconfiguration on the cisco router, or a problem with SME.
Many thanks in advance for any input into this problem.

[Bill Talcott]

That's the way PPTP works. The server can only have one connection per IP address, and the NAT-ed clients are using the same public IP address. You may want to look into Freeswan to set up a tunnel between the two networks, giving all those clients VPN access.

[Alan Lawrence]

Thanks Bill, thats what i thought but needed to be sure, i have a few options available to me, vpn tunnel between 2 cisco routers, using public ip's for the two machines in question.
Thanks again for a quick response.

[Ryan]

I experienced these PPTP problems beginning with SME 5.0.  You might play with a e-smith 4.1.2 server.  With 4.1.2, I was able to have more than one PPTP connection through 4.1.2 to the same external IP.  Please post your results if you are successful.

Ryan

[Richard]

Not quite.  I am using e-smith 4.12 and get the same 'Discarding out-of-order packet' error when more than 1 PC tries to connect using a common public IP.  Can you share your experience since you have done it successfully?

Richard

Ryan wrote:
>
> I experienced these PPTP problems beginning with SME 5.0.
> You might play with a e-smith 4.1.2 server.  With 4.1.2, I
> was able to have more than one PPTP connection through 4.1.2
> to the same external IP.  Please post your results if you are
> successful.
>
> Ryan

[ryan]

Richard,

I don't have any of my documented installs and fixes for 4.1.2, but I think 4.1.2 uses the same kernal as 5.1.2, so the fix for 5.1.2 should work....simply activate the ipsec pass through module in the kernel with the following commands:

/sbin/e-smith/db configuration setprop masq ipsec yes
/sbin/e-smith/signal-event remoteaccess-update

I can't say if this is the absolute right command for 4.1.2, so you might research it before trying it.  

By the way, this can't be done on a 5.6 or 6.0 box.......no such kernel mod exists at this time (that I am aware of).

have fun,

ryan

[Richard]

Hi Ryan,

Thank you for your respond.  Are your steps for ipsec or pptp vpn connection?

Richard

ryan wrote:
>
> Richard,
>
> I don't have any of my documented installs and fixes for
> 4.1.2, but I think 4.1.2 uses the same kernal as 5.1.2, so
> the fix for 5.1.2 should work....simply activate the ipsec
> pass through module in the kernel with the following commands:
>
> /sbin/e-smith/db configuration setprop masq ipsec yes
> /sbin/e-smith/signal-event remoteaccess-update
>
> I can't say if this is the absolute right command for 4.1.2,
> so you might research it before trying it.
>
> By the way, this can't be done on a 5.6 or 6.0 box.......no
> such kernel mod exists at this time (that I am aware of).
>
> have fun,
>
> ryan

[ryan]

My previous posting commands for the ipsec kernel module will allow for multiple outbound ipsec (not for AH 51)  connections.  4.1.2 out of the box should support multiple outbound/inbound pptp connections.  

ryan