128 bit PPTP Encryption and NAT

Lillian Kulhanek Lillian.Kulhanek at ENERGY.ON.CA
Thu Aug 3 09:54:49 EDT 2000


The only kernel I know of that has pptp masquerade built-in is with Red Hat
with kernel 2.2.16-8, and that's supposed to be rawhide, ie. not for
production, unless you're daring.  (I haven't used it yet).  Which versions
of Linux with which kernels, specifically production, are you aware of that
have the support built-in?

Lillian


-----Original Message-----
From:	Jon Carnes [mailto:jonc at HAHT.COM]
Sent:	August 2, 2000 7:35 AM
Subject:	Re: 128 bit PPTP Encryption and NAT

Linux (and BSD) fully support running PPTP from behind a NAT.  They are
beyond the patch stage.  you can run multiple incidents of PPTP from behind
a Linux firewall.

Jon Carnes
MIS - HAHT Software
----- Original Message -----
From: "Pete Davis" <pete at ETHER.NET>
To: <VPN at SECURITYFOCUS.COM>
Sent: Tuesday, August 01, 2000 4:46 PM
Subject: Re: 128 bit PPTP Encryption and NAT


> You can use PPTP sessions from behind a NAT (PAT) device as long as it
supports
> GRE PAT, which most devices do not. Many small devices do have this
support
> and Linux does with a special patch from John Hardin. You will only be
able
> to use 1 PPTP session at a time from behind this NAT device to a specific
> central site Concentrator at a time.
>
> Regards,
>
> pete
>
> On Mon, Jul 31, 2000 at 05:59:27PM -0700, Michael Medwid wrote:
> > Should there be any incompatibility between 128 bit PPTP encryption
> > and users behind a NATted environment?  My Altiga (Cisco 3030) seems to
kick
> > off the tunnels if they were originated from a NATted environment.
Cisco
> > TAC didn't have too much to say on the whole thing other than "uh yeah
that
> > won't work."  Thanks for any insight.
> >
> > -Michael
> >
> > VPN is sponsored by SecurityFocus.COM
>
> ---
>      Pete Davis - Product Manager <psd at cisco.com>  (508) 541-7300 x6154
>    Cisco Systems, Inc.  - 124 Grove Street Suite 205   Franklin, MA 02038
>
> VPN is sponsored by SecurityFocus.COM

VPN is sponsored by SecurityFocus.COM




More information about the VPN mailing list