Re: VPN: PPTP with NAT traversal ?

[Mark Lewis <mark () mjlnet com>]

> > Simple question: Is it possible to bypass a NAT using PPTP?
> >
> > I'm using Windows 98/2000/XP clients and Linux server
(debian, pptpd, pppd)

It depends on the *NAT box*, and it's configuration (there
shouldn’t be a problem with the client or server). There are
two scenarios:

Scenario #1: 'Regular' 1-to-1 NAT

Scenario #2: NAPT/PAT

PPTP has a control channel connection (TCP port 1723), and a
data channel using eGRE (IP prot 47). The control channel is
used for PPTP tunnel/session setup/maintenance/teardown, and
the data channel is used to tunnel user data packets.

NAT/NAPT/PAT boxes shouldn't have a problem with the control
channel, but the data channel can cause problems.

Some NAT/NAPT/PAT boxes *may* have problems translating data
channel eGRE packets (because they are not UDP or TCP packets).

Cisco routers shouldn't have a problem doing 1-1 NAT for data
channel (eGRE) packets, but support for NAPT/PAT for data
channel packets was only added in IOS 12.1(4)T [the NAPT/PAT
translation is based on the Call ID in the eGRE header].

So, it depends on the NAT box.

Hope that helps,

Mark

Author: http://www.amazon.com/exec/obidos/ASIN/1587051044