Posted: Wed Dec 14, 2011 21:01 Post subject: Multiple PPTP VPNs from client PCs failing
Hi All.
I've read a lot of conflicting information on the subject, and so I'd like a definitive answer. I've been reading that a Linux firewall (like DD-WRT) cannot handle having multiple PPTP clients behind it, all connecting to the same remote VPN server. Apparently, the GRE packets get messed up.
A good example of this is PFsense, which says that it can't handle multiple PPTP VPN sessions to the same remote server.
"The state tracking code in pf for the GRE protocol can only track a single session per public IP per external server. This means if you use PPTP VPN connections, only one internal machine can connect simultaneously to a PPTP server on the Internet. A thousand machines can connect simultaneously to a thousand different PPTP servers, but only one simultaneously to a single server."
The problem I'm having occurs with the following setup:
Location A
WRT-54GL, Build 10011 (old, I know)
10 Windows XP PCs making a PPTP connection to...
Location B
WRT-54GL Build 10011
Windows 2003 VPN Server
When one user is at Location A, he sits at his PC, he double-clicks on a script that opens a PPTP session to the VPN server at Location B, and then starts an RDP session with that user's corresponding PC at Location B.
This works fine with one or two users at Location A.
When all ten users are working at once from Location A, and trying to VPN into Location B, everything goes to hell pretty quickly.
TRACERT ping times between the two locations are between 30-100ms, depending on load.
I am planning on upgrading the routers to a pair of Netgear WNDR3700 v2's running build 17201, but beyond that, I guess I was wondering:
Will DD-WRT properly handle multiple PPTP sessions connecting to a single remote VPN server?
Should I use a different type of VPN?
Wouldn't L2TP still have the same problems, because it also uses the GRE protocol?
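The state-tracking limitation quoted above (one GRE state per public IP per server) can be shown with a small simulation. This is an added example, not code from the thread, DD-WRT, pf or netfilter: it models a NAT that keys GRE state only on (protocol, public IP, server IP) next to a PPTP-aware NAT that keys on the enhanced-GRE Call ID and rewrites colliding IDs. The `register_call()` step stands in for what a real helper learns from the TCP/1723 control channel, and all addresses and Call IDs are constructed.

```python
"""Toy model of why several PPTP clients behind one NAT collide on GRE.

PPTP's data channel is GRE (IP protocol 47) with the RFC 2637 "enhanced GRE"
header, whose 16-bit Call ID is the only per-session field; GRE has no ports.
A NAT that keys its state on (protocol, public IP, server IP) therefore sees
every internal client talking to one server as the same flow, which is the pf
limitation quoted in the post. A PPTP-aware NAT helper keys on the Call ID
instead and rewrites it when two internal clients pick the same value.
This is a constructed, added simulation, not DD-WRT, pf or netfilter code.
"""
from dataclasses import dataclass, replace

GRE = 47  # IP protocol number for GRE


@dataclass(frozen=True)
class GrePacket:
    src: str
    dst: str
    call_id: int  # enhanced-GRE Call ID; a packet carries the *receiver's* Call ID


class PlainGreNat:
    """State keyed on (GRE, public IP, server IP) only: one entry per server."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.state = {}  # server IP -> internal client currently owning the entry

    def register_call(self, client, server, call_id):
        return call_id  # no helper: Call IDs pass through untouched

    def outbound(self, pkt):
        # The most recent client to send GRE to this server claims the single entry.
        self.state[pkt.dst] = pkt.src
        return replace(pkt, src=self.public_ip)

    def inbound(self, pkt):
        owner = self.state.get(pkt.src)
        return replace(pkt, dst=owner) if owner else None


class PptpAwareNat:
    """State keyed on (server IP, Call ID), with Call ID rewriting.

    Real helpers (netfilter's PPTP conntrack/NAT modules, for example) learn the
    Call ID from the TCP/1723 control channel; register_call() stands in for
    that step here (simplification)."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.in_map = {}  # (server IP, public Call ID) -> (client, client's own Call ID)

    def register_call(self, client, server, call_id):
        pub = call_id
        # If another internal client already uses this Call ID toward the same
        # server, hand out the next free 16-bit value so the server can tell them apart.
        while (server, pub) in self.in_map and self.in_map[(server, pub)][0] != client:
            pub = (pub + 1) & 0xFFFF
        self.in_map[(server, pub)] = (client, call_id)
        return pub

    def outbound(self, pkt):
        # Outbound GRE carries the server's Call ID, so only the source address changes.
        return replace(pkt, src=self.public_ip)

    def inbound(self, pkt):
        entry = self.in_map.get((pkt.src, pkt.call_id))
        if entry is None:
            return None  # no matching call: dropped
        client, original_id = entry
        return replace(pkt, dst=client, call_id=original_id)


def simulate(nat):
    """Two clients behind `nat` call the same server with the same Call ID.

    Returns, per client, (host that received the server's reply, Call ID it saw)."""
    server = "203.0.113.5"  # constructed (RFC 5737 TEST-NET-3), stands in for Location B
    clients = ["192.168.1.10", "192.168.1.11"]  # constructed: two PCs at Location A
    public_ids = {}
    for client in clients:
        public_ids[client] = nat.register_call(client, server, call_id=1)  # both pick 1
        nat.outbound(GrePacket(client, server, call_id=7))  # 7: constructed server-side Call ID
    delivered = {}
    for client in clients:
        reply = GrePacket(server, nat.public_ip, call_id=public_ids[client])
        got = nat.inbound(reply)
        delivered[client] = (got.dst, got.call_id) if got else None
    return delivered


def misdelivered(delivered):
    """Clients whose reply was dropped or handed to a different internal host."""
    return [c for c, got in delivered.items() if got is None or got[0] != c]


if __name__ == "__main__":
    for nat in (PlainGreNat("198.51.100.1"), PptpAwareNat("198.51.100.1")):
        result = simulate(nat)
        print(type(nat).__name__, result, "misdelivered:", misdelivered(result))
```

With the plain NAT the second client silently takes over the single state entry, so the first client's replies land on the wrong PC; with the Call-ID-aware NAT both clients get their own replies. Whether a given router build behaves like the first or the second model depends on whether its PPTP NAT helper is loaded and working, which is the check worth making before blaming the WAN link.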
Can't do that. I have too many users to maintain concurrent lists.
In other news... I upgraded the router, and the problem is not occurring with two users connected. I'm going to let them stay connected for 24 hours and see what happens.
Your users wouldn't have to do anything. Use the DDWRT to dial one tunnel, and then have it route all packets to the remote subnet over the PPP0 connection.
for example, if the remote network is 172.24.0.0/16:
I've upgraded the routers at both endpoints from WRT-54GL's to WNDR3700's. I can now get 4 PPTP VPN tunnels running fine. I just had 4 of them running for 24 hours straight. No problems. When I added a 5th PPTP connection, the other 4 of them dropped.