How can Iget multiple outgoing VPN (pptp) connections with iptablesand snat?

Gary W. Smith gary at
Thu Apr 7 16:08:06 CEST 2005

Download patch-o-matic-ng (one the daily snapshot from last night would
be best as Harold has just made changes to the code), patch the kernel
and then recompile your kernel and iptables.

If you want PPTP you might also want to patch your kernel with mppe and
possibly bsd_comp as well.

You might also want to include what kernel you are running this on.  I
have had problems with a couple RH versions.  The latest works with RHEL

Gary Smith

> -----Original Message-----
> From: netfilter-bounces at [mailto:netfilter-
> bounces at] On Behalf Of AKholod
> Sent: Wednesday, April 06, 2005 5:53 AM
> To: netfilter at
> Subject: How can Iget multiple outgoing VPN (pptp) connections with
> iptablesand snat?
> I have problem. Multiple clients in our corporate network need access
> remote network by VPN - PPTP protocol, VPN gate to the remote network
> CISCO router with VPN support. I study many forums and find four
> for setup VPN connection:
> 1) VPN masquerading for old kernel - 2.0, 2.2
> 2) Special external program - pptpproxy
> 3) I find links to iptables extensions -
> <>
> ip_conntrack_pptp, ip_nat_proto_gre, ip_conntrack_proto_gre, but I
> find any sources for this modules.
> 4) Add next rules in iptables startup script:
> $IPTABLES -A FORWARD -p tcp --dport 1723 -i $LAN_IFACE -j ACCEPT
> And finally I have question: "How CORRECT (RECOMMENDED BY DEVELOPERS)
> for setup iptables version 1.2.11 and Linux kernel 2.6 for admission
> multiple outgoing PPTP VPN connections?"
> Best regards,
> Andrey Kholod

More information about the netfilter mailing list