Multiple PPTP VPNs from client PCs failing

mattzees
DD-WRT Novice


Joined: 14 Dec 2011
Posts: 22
Location: USA

Posted: Wed Dec 14, 2011 21:01    Post subject: Multiple PPTP VPNs from client PCs failing
Hi All.

I've read a lot of conflicting information on the subject, and so I'd like a definitive answer. I've been reading that a Linux firewall (like DD-WRT) cannot handle having multiple PPTP clients behind it, all connecting to the same remote VPN server. Apparently, the GRE packets get messed up.

A good example of this is pfSense, which says that it can't handle multiple PPTP VPN sessions to the same remote server.

See here:
http://www.pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43

"The state tracking code in pf for the GRE protocol can only track a single session per public IP per external server. This means if you use PPTP VPN connections, only one internal machine can connect simultaneously to a PPTP server on the Internet. A thousand machines can connect simultaneously to a thousand different PPTP servers, but only one simultaneously to a single server."


The problem I'm having occurs with the following setup:

Location A
WRT-54GL, Build 10011 (old, I know)
10 Windows XP PCs making a PPTP connection to...

Location B
WRT-54GL Build 10011
Windows 2003 VPN Server

When one user is at Location A, he sits at his PC, he double-clicks on a script that opens a PPTP session to the VPN server at Location B, and then starts an RDP session with that user's corresponding PC at Location B.

This works fine with one or two users at Location A.

When all ten users are working at once from Location A, and trying to VPN into Location B, everything goes to hell pretty quickly.

TRACERT ping times between the two locations are between 30-100ms, depending on load.

I am planning on upgrading the routers to a pair of Netgear WNDR3700 v2s running build 17201, but beyond that, I guess I was wondering:

Will DD-WRT properly handle multiple PPTP sessions connecting to a single remote VPN server?

Should I use a different type of VPN?

Wouldn't L2TP still have the same problems, because it also uses the GRE protocol?


Help.

Thanks.
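
The single-session limit described in the pfSense quote above, as an added example that is not part of the original post and is not DD-WRT or pfSense code: a simplified Python model of a NAT table that keeps one GRE state per remote server, next to one keyed on the Call ID carried in PPTP's enhanced GRE header (RFC 2637). The class names, addresses and Call IDs are constructed, and the model assumes each client chose a distinct Call ID (a real helper also has to rewrite colliding ones).

```python
import struct

PPTP_GRE_PROTO = 0x880B  # protocol type used by PPTP's enhanced GRE (RFC 2637)

def build_gre(call_id, seq, payload):
    """Constructed enhanced GRE packet: K and S bits set, version 1."""
    return struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO, len(payload), call_id, seq) + payload

def gre_call_id(packet):
    """Return the Call ID field of a PPTP enhanced GRE header."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, _payload_len, call_id = struct.unpack("!HHHH", packet[:8])
    if (flags & 0x0007) != 1 or not (flags & 0x2000) or proto != PPTP_GRE_PROTO:
        raise ValueError("not PPTP enhanced GRE")
    return call_id

class PerServerNat:
    """Simplified model: one GRE state per remote server for the shared public IP."""
    def __init__(self):
        self.state = {}
    def outbound(self, inner_ip, server_ip, call_id):
        # Modelling choice (assumption): the first session keeps the only slot.
        self.state.setdefault(server_ip, inner_ip)
    def inbound(self, server_ip, packet):
        return self.state.get(server_ip)

class CallIdNat(PerServerNat):
    """Same table, keyed on (server, Call ID) so sessions stay separate."""
    def outbound(self, inner_ip, server_ip, call_id):
        self.state[(server_ip, call_id)] = inner_ip
    def inbound(self, server_ip, packet):
        return self.state.get((server_ip, gre_call_id(packet)))

def deliver(nat, sessions, server_ip):
    """Open every session, then return which inner host receives each reply."""
    for inner_ip, call_id in sessions:
        nat.outbound(inner_ip, server_ip, call_id)
    return [nat.inbound(server_ip, build_gre(call_id, 1, b"reply"))
            for _inner_ip, call_id in sessions]

# Constructed sample: three LAN clients, one remote PPTP server (documentation address).
SERVER = "203.0.113.5"
SESSIONS = [("192.168.1.10", 0x0101), ("192.168.1.11", 0x0102), ("192.168.1.12", 0x0103)]

if __name__ == "__main__":
    print("per-server:", deliver(PerServerNat(), SESSIONS, SERVER))
    print("call-id   :", deliver(CallIdNat(), SESSIONS, SERVER))
```

With per-server state every reply lands on a single inner host, while the Call ID table returns each reply to the client that opened that session.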
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17619
Location: Hesse/Germany

Posted: Thu Dec 15, 2011 21:17
Let the WRT handle the tunnel to the server.
mattzees
DD-WRT Novice


Joined: 14 Dec 2011
Posts: 22
Location: USA

Posted: Fri Dec 16, 2011 5:13
You mean, use the PPTP server in the router?

Can't do that. I have too many users to maintain concurrent lists.

In other news... I upgraded the router, and the problem is not occurring with two users connected. I'm going to let them stay connected for 24 hours and see what happens.

Will post an update when I know more.

Thanks.
RobbieCrash
DD-WRT Novice


Joined: 28 Aug 2008
Posts: 33

Posted: Fri Jan 13, 2012 6:10
Your users wouldn't have to do anything. Use the DD-WRT to dial one tunnel, and then have it route all packets to the remote subnet over the PPP0 connection.

For example, if the remote network is 172.24.0.0/16:

route add -net 172.24.0.0 netmask 255.255.0.0 ppp0

Then either grab DNS from the remote DNS server, set up a local copy of it, or add remote hostnames to your users' hosts files.

I've got ~30 people going over a WRT54GL in this manner, and there are no issues at all.
mattzees
DD-WRT Novice


Joined: 14 Dec 2011
Posts: 22
Location: USA

Posted: Sat Feb 18, 2012 5:47
Just circling back on this...

I've upgraded the routers at both endpoints from WRT-54GLs to WNDR3700s. I can now get 4 PPTP VPN tunnels running fine. I just had 4 of them running for 24 hours straight. No problems. When I added a 5th PPTP connection, the other 4 of them dropped.

This is not entirely repeatable.