WINDOWS 2003 VPN SERVER BEHIND LINUX GATEWAY

-I have installed a windows 2003 server on my private lan (VPN with
PPTP)
-I have installed a Debian Linux gateway to NAT my private network on
Internet
-I use iptable on my Linux gateway to foward port 1723 and protocol 47
on my VPN SERVER
------------------------------------------------------------------------
This is a part of my configuration of iptables :
INET_IP = my internet address of my gateway

$IPTABLES -A PREROUTING -t nat -p gre -d $INET_IP -j DNAT
--to-destination $VPNSERVER
$IPTABLES -A PREROUTING -t nat -p tcp --dport 1723 -d $INET_IP -j DNAT
--to-destination $VPNSERVER

#NAT
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source
$INET_IP
echo "1"> /proc/sys/net/ipv4/ip_forward
-----------------------------------------------------------------------------

-I can connect on my VPN server with only one client at a time.
But I would like connect several client at a time !

Could you help me please.

Thanks

Hello,

Please don't yell (type in caps).

Nicolas a écrit :
> -I have installed a windows 2003 server on my private lan (VPN with
> PPTP)
> -I have installed a Debian Linux gateway to NAT my private network on
> Internet
> -I use iptable on my Linux gateway to foward port 1723 and protocol 47
> on my VPN SERVER
[...]
> -I can connect on my VPN server with only one client at a time.

What happens *exactly* when you try to connect from a second client ?
Do you have error messages, logs, network traces ?

> But I would like connect several client at a time !

Several clients with different public IP addresses or several clients
behind the same NAT device sharing the same public IP address ?

Pascal Hambourg a écrit :

> Hello,
>
> Please don't yell (type in caps).

Hello,

Ok excuse me... I 'am sorry

>
> Nicolas a écrit :
> > -I have installed a windows 2003 server on my private lan (VPN with
> > PPTP)
> > -I have installed a Debian Linux gateway to NAT my private network on
> > Internet
> > -I use iptable on my Linux gateway to foward port 1723 and protocol 47
> > on my VPN SERVER
> [...]
> > -I can connect on my VPN server with only one client at a time.
>
> What happens *exactly* when you try to connect from a second client ?
> Do you have error messages, logs, network traces ?

It impossible to join the vpn server windows client vpn error 678 "The
server don't answer"
excuse me for the translation because my error is in french so ...

>
> > But I would like connect several client at a time !
>
> Several clients with different public IP addresses or several clients
> behind the same NAT device sharing the same public IP address ?

In a first time client with different public IP addresses .
But I would like to device sharing the same public address can connect
too.

Thanks a lot to your help.

Best regards

I make new test and now I can connect with 2 clients on my VPN server
but client with different public IP.

But for client behind a NAT Gateway I have no solution ....

Thanks

Nicolas a écrit :

> Pascal Hambourg a écrit :
>
> > Hello,
> >
> > Please don't yell (type in caps).
>
> Hello,
>
> Ok excuse me... I 'am sorry
>
> >
> > Nicolas a écrit :
> > > -I have installed a windows 2003 server on my private lan (VPN with
> > > PPTP)
> > > -I have installed a Debian Linux gateway to NAT my private network on
> > > Internet
> > > -I use iptable on my Linux gateway to foward port 1723 and protocol 47
> > > on my VPN SERVER
> > [...]
> > > -I can connect on my VPN server with only one client at a time.
> >
> > What happens *exactly* when you try to connect from a second client ?
> > Do you have error messages, logs, network traces ?
>
> It impossible to join the vpn server windows client vpn error 678 "The
> server don't answer"
> excuse me for the translation because my error is in french so ...
>
> >
> > > But I would like connect several client at a time !
> >
> > Several clients with different public IP addresses or several clients
> > behind the same NAT device sharing the same public IP address ?
>
> In a first time client with different public IP addresses .
> But I would like to device sharing the same public address can connect
> too.
>
> Thanks a lot to your help.
>
> Best regards

Nicolas a écrit :
> I make new test and now I can connect with 2 clients on my VPN server
> but client with different public IP.

Good. This /should/ work without special handling.

> But for client behind a NAT Gateway I have no solution ....

This requires special handling by the NAT box at the client side. If it
runs GNU/Linux, the PPTP conntrack & NAT helper modules
ip_conntrack_pptp and ip_nat_pptp should be what you're looking for.
They are included in the mainstream kernel since version 2.6.14 ; watch
in the Netfilter patch-o-matic-ng for older kernel versions.

Thanks a lot for your help and your excellent advice.

Pascal Hambourg a écrit :

> Nicolas a écrit :
> > I make new test and now I can connect with 2 clients on my VPN server
> > but client with different public IP.
>
> Good. This /should/ work without special handling.
>
> > But for client behind a NAT Gateway I have no solution ....
>
> This requires special handling by the NAT box at the client side. If it
> runs GNU/Linux, the PPTP conntrack & NAT helper modules
> ip_conntrack_pptp and ip_nat_pptp should be what you're looking for.
> They are included in the mainstream kernel since version 2.6.14 ; watch
> in the Netfilter patch-o-matic-ng for older kernel versions.

On Wed, 15 Nov 2006 13:04:05 +0100, Pascal Hambourg wrote:

> Please don't yell (type in caps).

Type however you feel. Your style is your own, don't let others dictate
theirs to you.

Dan