FreeBSD Port: mpd5-5.8_10 - only one client behind NAT can work simultaneously
Eugene Grosbein
eugen at grosbein.net
Sat May 18 20:10:52 UTC 2019
19.05.2019 0:31, Robert Heron wrote:
> I use mpd5 from ports on FreeBSD 11.2-RELEASE-p10 amd64 and there is one serious problem I can’t solve: when connecting clients from behind NAT (with the same public IP) to an mpd5 box, every new established connection causes the previous one (from the same source IP) to go dead. Any IP traffic is stopped through the previous connection but its ng interface still exists. This happens regardless of used cryptography. I’ve tried both PPTP and L2TP over IPSec PSK (with racoon). When one client connects, it works OK. When any second one from the same public IP connects, then previous IP traffic dies. My firewall is open.
> I’ve searched the net, but found no clue :(
If you use PPtP and no IPSEC, then you use PPtPGRE - that is, a modified version of the GRE protocol.
Your NAT box must support multiple PPtPGRE connections for this to work.
If you use another FreeBSD box as the NAT box, it has support for multiple PPtP connections
by means of ipfw nat if you load the alias_pptp.ko kernel module.
If your NAT box has no support for aliasing multiple PPtP clients, you are out of luck
and need to change the NAT box or switch to another protocol.
As for L2TP without IPSEC, you can use PPP/MPPE inside L2TP to encapsulate the VPN into a UDP stream
and then it will pass through any NAT box without extra protocol support.
I do not know if it is possible to run multiple L2TP/IPSEC clients behind the same NAT box.
Anyway, this is not a problem of mpd5 but of the NAT box or IPSEC.
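The ipfw nat plus alias_pptp.ko setup from the reply above, written out as an added example for the FreeBSD NAT box (not code from the thread or from mpd5). The external interface name em0, the NAT instance number 1 and the rule number 100 are assumptions; the kldstat listings are constructed samples used to exercise the check.

```shell
#!/bin/sh
# Added example: prepare a FreeBSD NAT box so that several PPtP clients behind
# it can reach the same mpd5 server. Plain NAT cannot tell PPtPGRE sessions
# apart; the alias_pptp libalias module tracks the GRE call IDs for ipfw nat.
# Assumptions: external interface em0, NAT instance 1, rule number 100.

# Return 0 if the given kldstat(8) listing shows alias_pptp loaded, 1 otherwise.
alias_pptp_loaded() {
    printf '%s\n' "$1" | grep -q '[[:space:]]alias_pptp\.ko$'
}

# Emit the commands (to be run as root) that load the PPtP aliasing module
# and enable ipfw nat on the external interface $1.
pptp_nat_commands() {
    ext_if="$1"
    cat <<EOF
kldload alias_pptp
ipfw nat 1 config if ${ext_if} same_ports reset
ipfw add 100 nat 1 ip from any to any via ${ext_if}
EOF
}

# Constructed sample kldstat output: one box with alias_pptp, one without.
KLDSTAT_WITH='Id Refs Address            Size     Name
 1   10 0xffffffff80200000 1f5d3a8  kernel
 2    1 0xffffffff82219000 4d8      alias_pptp.ko'
KLDSTAT_WITHOUT='Id Refs Address            Size     Name
 1   10 0xffffffff80200000 1f5d3a8  kernel'

# Check the live system (kldstat is only present on FreeBSD) and print the
# commands for the interface given as the second argument (default em0).
main() {
    if alias_pptp_loaded "$(kldstat 2>/dev/null)"; then
        echo "# alias_pptp is already loaded on this box"
    else
        echo "# alias_pptp is not loaded; run the following as root:"
    fi
    pptp_nat_commands "${1:-em0}"
}

if [ "${1:-}" = "--run" ]; then
    main "${2:-}"
fi
```

Invoke the script as `sh setup.sh --run em0` on the NAT box to print the commands; without `--run` it only defines the functions.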