On 2/9/2011 2:40 PM, Gordon Messmer wrote:
>
>> Another problem is that pptp is udp only and cannot be tunneled through
>> a firewall easily like openvpn or ipsec, so if there is any kind of nat
>> going on when you connect through the first vpn, it won't work because
>> you won't get your packets back. If you were able to use openvpn tcp or
>> IPSEC in a tcp tunneling configuration, it should work.
>
> Actually, PPTP tunnels use GRE packets. I can't think of any reason
> that you wouldn't be able to tunnel those, but many NAT devices
> definitely can't handle them (or can't handle more than one simultaneous
> GRE session).

This may not be the problem here and might not even apply anymore, but
long, long ago I noticed that if you were doing nat with iptables and
sent a GRE packet out the wrong interface (e.g. before the interface
with the correct route came up), the mapping would be stuck in the
conntrack table and the route would never switch to the right interface
after the correct interface/route was available.

-- 
Les Mikesell
lesmikesell at gmail.com
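
An added example, not part of the message above: one way to check for the stuck-mapping condition it describes, by listing GRE conntrack entries whose translated address is not the address of the interface that should carry the tunnel. The function names, the sample lines and the addresses are constructed for illustration, and the input is assumed to follow the `conntrack -L` layout (original tuple first, reply tuple second).

```shell
#!/bin/sh
# Added example: flag GRE conntrack entries whose NAT mapping does not match
# the address of the interface that should currently carry the tunnel.
#
# Assumption: input lines look like `conntrack -L` output, where the first
# src=/dst= pair is the original direction and the second pair is the reply
# direction. With SNAT/MASQUERADE the reply dst= is the address the packet
# was translated to, i.e. the address of the interface it left through.

# stale_gre_entries EXPECTED_NAT_IP   (reads conntrack lines on stdin)
# Prints "orig_src orig_dst nat_ip" for each GRE entry whose translated
# address differs from EXPECTED_NAT_IP. Non-GRE lines are ignored.
stale_gre_entries() {
    awk -v want="$1" '
        $1 == "gre" {
            n = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^src=/) { n++; src[n] = substr($i, 5) }
                if ($i ~ /^dst=/) { dst[n] = substr($i, 5) }
            }
            # n >= 2 means both the original and the reply tuple were seen.
            if (n >= 2 && dst[2] != want)
                print src[1], dst[1], dst[2]
        }'
}

# Constructed sample input (documentation addresses, not captured data).
# First GRE entry was translated to 10.8.0.6 (the wrong interface here),
# second GRE entry to 203.0.113.5 (the expected one).
sample_conntrack() {
    cat <<'EOF'
gre 47 17990 timeout=600, stream_timeout=18000 src=192.168.1.20 dst=198.51.100.7 srckey=0x0 dstkey=0x1a2b src=198.51.100.7 dst=10.8.0.6 srckey=0x1a2b dstkey=0x0 [ASSURED] mark=0 use=1
gre 47 17995 timeout=600, stream_timeout=18000 src=192.168.1.21 dst=198.51.100.9 srckey=0x0 dstkey=0x3c4d src=198.51.100.9 dst=203.0.113.5 srckey=0x3c4d dstkey=0x0 [ASSURED] mark=0 use=1
tcp 6 431999 ESTABLISHED src=192.168.1.20 dst=198.51.100.7 sport=49152 dport=1723 src=198.51.100.7 dst=10.8.0.6 sport=1723 dport=49152 [ASSURED] mark=0 use=1
EOF
}

# 203.0.113.5 stands in for the address of the correct outbound interface.
sample_conntrack | stale_gre_entries 203.0.113.5
```

On a live NAT box the function would read the output of `conntrack -L` instead of the sample; an entry it prints is one whose mapping was created while traffic left through a different address.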