PPTP through iptables firewall

I have an MS PPTP server (win2k) behind a Linux firewall (kernel 2.4.20 / iptables 1.2.7a), and this does not work very well. You can only connect from one source at a time. Then there is a 10 minute (600 seconds) timeout before the next connection from a different source can be made. If you come from a LAN that is NAT'ed to one IP address (the firewall's), then all these clients can connect simultaneously. So it is either one client with a public IP address or several clients sharing a public IP address. But once there is a connection (of either type), everybody else is blocked out.

I have tried to patch the kernel (patch-o-matic-20030107) with the pptp-conntrack-nat.patch. With this patch the firewall is able to recognize the GRE protocol. This can be seen in /proc/net/ip_conntrack, where the connections involving GRE have changed from UNKNOWN to GRE. But with this patch it is not possible to connect: now the Windows client only reaches "verifying username and password" and then times out.

Without the patch it is possible to connect to the server one at a time and wait 10 minutes before the next connection from a different location.

With the patch it is not possible to connect at all.

I run Debian 3.0 (woody), kernel 2.4.20, and iptables 1.2.7a with the patched version and 1.2.6a with the unpatched version of the kernel.

I have seen more people talking about this issue on the web, but no one seems to have a solution.

Regards, Niels
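For reference, the rule set a 2.4-era netfilter box needs to pass PPTP to a single server behind NAT, as an added example that is not part of Niels' post. It assumes eth0 as the public interface, 192.168.1.10 as the internal Win2k PPTP server, and that the pptp-conntrack-nat patch's helper modules are named ip_conntrack_pptp and ip_nat_pptp.

```shell
#!/bin/sh
# Added example (not from the post). Assumed values: public interface eth0,
# internal PPTP server 192.168.1.10, helper module names from the
# patch-o-matic pptp-conntrack-nat patch.
PUB_IF=eth0
PPTP_SERVER=192.168.1.10
IPT=${IPT:-iptables}   # set IPT=echo to print the rules instead of applying them

# PPTP is two flows: the TCP 1723 control channel and the GRE (IP protocol 47)
# data channel. Without a GRE helper, conntrack files GRE under the generic
# "UNKNOWN" protocol and can only DNAT it by address pair, so a second public
# client collides with the first until that generic entry expires (600 s),
# which is the one-at-a-time / 10 minute behaviour described above.
pptp_rules() {
    # Control channel to the server
    $IPT -t nat -A PREROUTING -i "$PUB_IF" -p tcp --dport 1723 -j DNAT --to-destination "$PPTP_SERVER"
    # GRE data channel to the server; this leg is the one that starts at
    # "verifying username and password", so it is the first thing to check
    $IPT -t nat -A PREROUTING -i "$PUB_IF" -p 47 -j DNAT --to-destination "$PPTP_SERVER"
    # Let both legs through the FORWARD chain, and replies back out
    $IPT -A FORWARD -i "$PUB_IF" -d "$PPTP_SERVER" -p tcp --dport 1723 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$PUB_IF" -d "$PPTP_SERVER" -p 47 -j ACCEPT
    $IPT -A FORWARD -o "$PUB_IF" -s "$PPTP_SERVER" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# With the patched kernel the helper tracks each GRE call by its call ID,
# which is what allows several public clients to reach one NAT'ed server.
# The modules must actually be loaded; the patch alone does not load them.
load_pptp_helpers() {
    modprobe ip_conntrack_pptp && modprobe ip_nat_pptp
}
```

The patch only adds tracking; the DNAT and FORWARD rules for protocol 47 still have to exist, and /proc/net/ip_conntrack showing GRE entries without the modules loaded is not enough on its own.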
