Re: PPTP/IPSec multiple clients behind iptables NAT

PPTP multiple client passthrough is working now, with the patch. That's
great.
IPSec does not have any patch for NAT, it seems. Any info on how to go about
that?

----- Original Message -----
From: "Gary W. Smith" <gary@xxxxxxxxxxxxxxx>
To: "Salim" <salim.si@xxxxxxxxxxxx>; <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Friday, September 23, 2005 10:23 AM
Subject: RE: PPTP/IPSec multiple clients behind iptables NAT


You need to download patch-o-matic but the problem is that RH 2.4 kernel is
a hybrid kernel (uses much of 2.6 in it).  I am running the patch on
RHES 4.

Gary

> -----Original Message-----
> From: Salim [mailto:salim.si@xxxxxxxxxxxx]
> Sent: Thursday, September 22, 2005 7:24 PM
> To: Gary W. Smith; netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: PPTP/IPSec multiple clients behind iptables NAT
>
> Thanks Gary.
>
> My kernel is Red Hat 2.4.25.
> Could you please give more details about the patch?
>
> ----- Original Message -----
> From: "Gary W. Smith" <gary@xxxxxxxxxxxxxxx>
> To: "Salim" <salim.si@xxxxxxxxxxxx>; <netfilter@xxxxxxxxxxxxxxxxxxx>
> Sent: Friday, September 23, 2005 10:03 AM
> Subject: RE: PPTP/IPSec multiple clients behind iptables NAT
>
>
> PPTP requires a patching of the kernel and a recompile of the kernel and
> iptables (against the new kernel headers) to make this work.  It also
> matters which kernel version you are using.  There have been
> miscellaneous problems with different kernels reported.  I believe many
> have been fixed though.
>
> Gary Smith
>
> > -----Original Message-----
> > From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Salim
> > Sent: Thursday, September 22, 2005 6:58 PM
> > To: netfilter@xxxxxxxxxxxxxxxxxxx
> > Subject: PPTP/IPSec multiple clients behind iptables NAT
> >
> > I am using iptables 1.3.3
> >
> > I had some problems with multiple clients behind NAT (a simple MASQUERADE
> > rule is set) connecting to the same VPN server. Only one client can connect
> > at a time.
> > I have enabled the CONFIG_IP_NF_PPTP and CONFIG_IP_NF_CT_PROTO_GRE options
> > in kernel.
> >
> > I have read a few posts about this issue in the list from as early as in
> > 2003. But could not find a conclusion.
> >
> > Could you guys please clarify? Is this scenario supported by iptables? If
> > not, is there a way to get around this issue?
> >
> > thanks
> > Salim
> >


