IPF ipnat sends GRE packets to wrong client

W

weiclin

I have two clients that want to connect to a remote PPTP server. Both clients are under a host running ipnat. The problem is that I can only connect one client. When the second client sends GRE packets, the reply is getting sent to the first client that connected to PPTP. I know there are difficulties for NAT to identify different GRE connections. I'm just wondering if there is any solution or workaround for it?

Here is the tcpdump output (with fake IP):
Code: 
03:42:10.310924 IP 192.168.233.164 > 174.235.129.167: GREv1, call 1152, ack 14, no-payload, length 12
03:42:10.790648 IP 192.168.233.164 > 174.235.129.167: GREv1, call 1152, seq 15, length 101: compressed PPP data
03:42:10.811881 IP 174.235.129.167 > 192.168.233.164: GREv1, call 0, seq 15, ack 15, length 105: compressed PPP data
03:42:11.312848 IP 192.168.233.164 > 174.235.129.167: GREv1, call 1152, ack 15, no-payload, length 12
03:42:11.791699 IP 192.168.233.164 > 174.235.129.167: GREv1, call 1152, seq 16, length 101: compressed PPP data
03:42:11.813112 IP 174.235.129.167 > 192.168.233.164: GREv1, call 0, seq 16, ack 16, length 105: compressed PPP data
03:42:12.314024 IP 192.168.233.164 > 174.235.129.167: GREv1, call 1152, ack 16, no-payload, length 12
03:42:19.784866 IP 192.168.233.163 > 174.235.129.167: GREv1, call 1536, seq 1, length 36: LCP, Conf-Request (0x01), id 1, length 22
03:42:20.131276 IP 174.235.129.167 > 192.168.233.164: GREv1, call 0, seq 0, length 41: LCP, Conf-Request (0x01), id 1, length 27
03:42:22.671213 IP 192.168.233.163 > 174.235.129.167: GREv1, call 1536, seq 2, length 36: LCP, Conf-Request (0x01), id 1, length 22
03:42:23.133997 IP 174.235.129.167 > 192.168.233.164: GREv1, call 0, seq 1, length 41: LCP, Conf-Request (0x01), id 1, length 27
03:42:25.675241 IP 192.168.233.163 > 174.235.129.167: GREv1, call 1536, seq 3, length 36: LCP, Conf-Request (0x01), id 1, length 22
03:42:26.136731 IP 174.235.129.167 > 192.168.233.164: GREv1, call 0, seq 2, length 41: LCP, Conf-Request (0x01), id 1, length 27
03:42:28.678275 IP 192.168.233.163 > 174.235.129.167: GREv1, call 1536, seq 4, length 36: LCP, Conf-Request (0x01), id 1, length 22
03:42:29.138170 IP 174.235.129.167 > 192.168.233.164: GREv1, call 0, seq 3, length 41: LCP, Conf-Request (0x01), id 1, length 27
 
You must log in or register to reply here.
Back
Top