VPN

Multiple Concurrent PPTP Connections

Q: I'm trying to establish more than one concurrent PPTP VPN connection from a network behind a NAT device, but only the first connection gets connected; why?

A: Point-to-Point Tunneling Protocol (PPTP) traffic is uniquely identified by a source IP address and the Call ID field in the GRE header. When multiple clients behind a common Network Address Translation (NAT) device connect to the same VPN endpoint, they all appear to have the same source IP address. Because the VPN clients are unaware of each other, they might choose the same Call ID, which prevents multiple connections because the VPN endpoint has no way to differentiate between them. The resolution is for the NAT device that the clients sit behind to support a PPTP editor, which monitors PPTP tunnel creation and creates separate mappings to unique Call IDs as required. Windows RRAS NAT supports the PPTP editor automatically, as do many NAT devices.

One trick I've found that can help is to use a DNS name, rather than an IP address, for the target VPN server on the VPN client (even if it's an entry in the HOSTS file), which makes the PPTP editor work on some NAT devices.
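The Call ID collision and the editor's remapping can be shown with a small model. This is an added example, not code from the original page or from any NAT product: the `PptpEditor` class, its method names and all addresses are hypothetical and constructed, and the model simplifies a real editor to the single Call ID mapping the answer describes.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # protocol type of PPTP's enhanced GRE header (RFC 2637)

def build_gre(call_id: int, payload: bytes = b"") -> bytes:
    """Minimal enhanced GRE header: K bit set, version 1, no seq/ack fields."""
    return struct.pack("!BBHHH", 0x20, 0x01, PPTP_GRE_PROTO, len(payload), call_id) + payload

def parse_call_id(packet: bytes) -> int:
    flags, ver, proto, _length, call_id = struct.unpack("!BBHHH", packet[:8])
    if proto != PPTP_GRE_PROTO or (ver & 0x07) != 1 or not flags & 0x20:
        raise ValueError("not a PPTP enhanced GRE packet")
    return call_id

class PptpEditor:
    """Toy NAT helper (hypothetical): one unique public Call ID per inside call."""
    def __init__(self):
        self.out = {}   # (private_ip, client_call_id) -> public_call_id
        self.back = {}  # public_call_id -> (private_ip, client_call_id)

    def on_call_setup(self, private_ip: str, client_call_id: int) -> int:
        """Called when tunnel creation is seen; returns the Call ID to present outside."""
        key = (private_ip, client_call_id)
        if key not in self.out:
            public_id = client_call_id
            while public_id in self.back:        # already taken: try the next ID
                public_id = (public_id + 1) & 0xFFFF
            self.out[key], self.back[public_id] = public_id, key
        return self.out[key]

    def inbound(self, packet: bytes):
        """Map a GRE packet from the VPN server back to the inside client."""
        private_ip, client_call_id = self.back[parse_call_id(packet)]
        return private_ip, build_gre(client_call_id, packet[8:])

def demo():
    # Constructed scenario: two inside clients both choose Call ID 1.
    clients = [("192.168.1.10", 1), ("192.168.1.11", 1)]
    # Without an editor both tunnels share one (NAT public IP, Call ID) key.
    naive_keys = {("203.0.113.5", cid) for _ip, cid in clients}
    editor = PptpEditor()
    public_ids = [editor.on_call_setup(ip, cid) for ip, cid in clients]
    routed = [editor.inbound(build_gre(pid, b"ppp"))[0] for pid in public_ids]
    return len(naive_keys), public_ids, routed

if __name__ == "__main__":
    print(demo())
```

The first element of the result shows that two tunnels collapse into one identifier without the editor; the remaining elements show the distinct public Call IDs and the inside host each one routes back to.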
