[CentOS] VPN inside VPN?

Thu Feb 10 02:29:51 UTC 2011
Fajar Priyanto <fajarpri at arinet.org>

On Thu, Feb 10, 2011 at 5:20 AM, Les Mikesell <lesmikesell at gmail.com> wrote:
> On 2/9/2011 2:40 PM, Gordon Messmer wrote:
>>
>>> Another problem is that pptp is udp only and cannot be tunneled through
>>> a firewall easily like openvpn or ipsec, so if there is any kind of nat
>>> going on when you connect through the first vpn, it won't work because
>>> you won't get your packets back.  If you were able to use openvpn tcp or
>>> IPSEC in a tcp tunneling configuration, it should work.
>>
>> Actually, PPTP tunnels use GRE packets.  I can't think of any reason
>> that you wouldn't be able to tunnel those, but many NAT devices
>> definitely can't handle them (or can't handle more than one simultaneous
>> GRE session).
>
> This may not be the problem here and might not even apply anymore, but
> long, long ago I noticed that if you were doing nat with iptables and
> sent a GRE packet out the wrong interface (e.g. before the interface
> with the correct route came up), the mapping would be stuck in the
> conntrack table and the route would never switch to the right interface
> after the correct interface/route was available.

Those are most interesting thoughts, guys. Thank you.
It's using CentOS 5.5.
One more piece of info: the PPTP doesn't work in my office wireless network.
Google says it may be related to the fact that the wireless routers may
not be set to allow GRE. At home I'm using wireless too, but don't
have access to the wifi admin (it's my roommates'). I'll try using
cable and take a look at all your suggestions.
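
Added example, not part of the original thread: a small Python classifier showing the two kinds of traffic a PPTP session produces under RFC 2637, a TCP control connection on port 1723 and an enhanced GRE data channel (IP protocol 47) that carries no ports, only a Call ID. The function names and the sample packets (built with documentation addresses) are constructed for illustration.

```python
import socket
import struct

GRE_PROTO = 47          # IP protocol number for GRE
PPTP_CTRL_PORT = 1723   # TCP port of the PPTP control channel
PPP_ETHERTYPE = 0x880B  # GRE protocol type used by PPTP (RFC 2637)

def classify(packet: bytes) -> dict:
    """Classify one raw IPv4 packet as PPTP control, PPTP data (GRE) or other."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return {"kind": "not-ipv4"}
    ihl = (packet[0] & 0x0F) * 4      # IPv4 header length in bytes
    proto = packet[9]                 # IP protocol field
    payload = packet[ihl:]
    if proto == 6 and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        if PPTP_CTRL_PORT in (sport, dport):
            return {"kind": "pptp-control", "sport": sport, "dport": dport}
        return {"kind": "other-tcp"}
    if proto == GRE_PROTO and len(payload) >= 8:
        flags, ptype, length, call_id = struct.unpack("!HHHH", payload[:8])
        version = flags & 0x0007          # enhanced GRE is version 1
        key_present = bool(flags & 0x2000)
        if version == 1 and ptype == PPP_ETHERTYPE and key_present:
            # No ports here: a NAT device can only tell sessions apart by Call ID.
            return {"kind": "pptp-data", "call_id": call_id, "payload_len": length}
        return {"kind": "other-gre"}
    return {"kind": "other", "proto": proto}

def _ipv4(proto: int, payload: bytes,
          src: str = "192.0.2.10", dst: str = "198.51.100.20") -> bytes:
    """Build a minimal constructed IPv4 packet (checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

# Constructed samples: control channel, GRE data channel, unrelated UDP.
CTRL = _ipv4(6, struct.pack("!HH", 40000, PPTP_CTRL_PORT) + bytes(16))
DATA = _ipv4(GRE_PROTO, struct.pack("!HHHHI", 0x3001, PPP_ETHERTYPE, 4, 0x1234, 1)
             + b"\xff\x03\x00\x21")
DNS = _ipv4(17, struct.pack("!HHHH", 5353, 53, 8, 0))

if __name__ == "__main__":
    for name, pkt in (("ctrl", CTRL), ("data", DATA), ("dns", DNS)):
        print(name, classify(pkt))
```

A path that passes the `pptp-control` packets but drops or cannot map the `pptp-data` ones lets the control connection come up while the tunnel carries no traffic.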