Re: VPN: PPTP with NAT traversal ?
From: Mark Lewis <mark () mjlnet com>
Date: Sat, 11 Dec 2004 00:18:08 GMT
Simple question: Is it possible to bypass a NAT using PPTP?
I'm using Windows 98/2000/XP clients and Linux server
(debian, pptpd, pppd)
It depends on the *NAT box*, and its configuration (there
shouldn’t be a problem with the client or server). There are
Scenario #1: 'Regular' 1-to-1 NAT
Scenario #2: NAPT/PAT
PPTP has a control channel connection (TCP port 1723), and a
data channel using eGRE (IP prot 47). The control channel is
used for PPTP tunnel/session setup/maintenance/teardown, and
the data channel is used to tunnel user data packets.
NAT/NAPT/PAT boxes shouldn't have a problem with the control
channel, but the data channel can cause problems.
Some NAT/NAPT/PAT boxes *may* have problems translating data
channel eGRE packets (because they are not UDP or TCP packets).
Cisco routers shouldn't have a problem doing 1-1 NAT for data
channel (eGRE) packets, but support for NAPT/PAT for data
channel packets was only added in IOS 12.1(4)T [the NAPT/PAT
translation is based on the Call ID in the eGRE header].
So, it depends on the NAT box.
Hope that helps,
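
The Call ID based translation mentioned in the reply above, shown as an added example that is not part of the original message: a parser for the enhanced GRE header (layout per RFC 2637) and the lookup a NAPT/PAT box has to make for an inbound data channel packet. The function names, the translation table and the addresses are assumptions constructed for illustration.

```python
import struct

GRE_PROTO_PPP = 0x880B  # protocol type used by PPTP's enhanced GRE (RFC 2637)

def parse_egre(pkt: bytes) -> dict:
    """Parse an enhanced GRE header (the bytes that follow the IP header)."""
    if len(pkt) < 8:
        raise ValueError("truncated enhanced GRE header")
    flags, proto, payload_len, call_id = struct.unpack_from("!HHHH", pkt, 0)
    # Enhanced GRE: version 1, Key bit set; the key carries length + Call ID.
    if (flags & 0x0007) != 1 or proto != GRE_PROTO_PPP or not (flags & 0x2000):
        raise ValueError("not a PPTP data channel packet")
    offset, seq, ack = 8, None, None
    try:
        if flags & 0x1000:  # S bit: sequence number present
            (seq,) = struct.unpack_from("!I", pkt, offset)
            offset += 4
        if flags & 0x0080:  # A bit: acknowledgment number present
            (ack,) = struct.unpack_from("!I", pkt, offset)
            offset += 4
    except struct.error:
        raise ValueError("truncated optional fields") from None
    return {"call_id": call_id, "seq": seq, "ack": ack,
            "payload": pkt[offset:offset + payload_len]}

def napt_demux(table: dict, server_ip: str, pkt: bytes):
    """Pick the inside host for an inbound data channel packet, or None."""
    # No TCP/UDP port exists here, so the Call ID is the only per-session key.
    return table.get((server_ip, parse_egre(pkt)["call_id"]))

# Constructed sample data: one PPTP server, two inside clients behind one
# public address. Each inbound packet carries the Call ID of the receiver.
TABLE = {("203.0.113.10", 1): "192.168.1.20",
         ("203.0.113.10", 2): "192.168.1.21"}
PPP_LCP = b"\xff\x03\xc0\x21"
PKT_A = struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP, 4, 1, 7) + PPP_LCP
PKT_B = struct.pack("!HHHHII", 0x3081, GRE_PROTO_PPP, 4, 2, 9, 6) + PPP_LCP
PKT_UNKNOWN = struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP, 4, 5, 1) + PPP_LCP

if __name__ == "__main__":
    for name, pkt in (("A", PKT_A), ("B", PKT_B), ("unknown", PKT_UNKNOWN)):
        print(name, parse_egre(pkt)["call_id"],
              napt_demux(TABLE, "203.0.113.10", pkt))
```

A box that tracks only TCP/UDP ports has no entry to consult for these packets, which is why the data channel fails behind NAPT/PAT unless the box understands the Call ID.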