Multiple VPN sessions in same LAN

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi, all

I need to create VPN sessions for WinXP in LAN to an external Windows 2000
VPN server. When I connect the first workstation, it can log on successfully.
But when I log on with the next one, it will say "verifying username and
password..." then pop-up error 721 (remote server no response). I change to
logon order, the first one always work but the second one can't. Also, I can
create two VPN sessions on the same PC simultaneously.

However, once the first user logoff, the second user has to wait about 5
minute to logon successfully.

I have a Linux firewall (iptables) with Squid (proxy) installed. The
firewall fully opens for outgoing access for the workstations. Port 1723 and
GRE protocol are opened.

The struction of Internet access is, Internet -> ADSL modem -> switch ->
Linux firewall -> LAN. I connected a test PC (different IP from the Linux
firewall) to the switch, it can logon when the LAN workstation was logging on
with the same userID. This means the ADSL modem allow more than one session.

I also tested it at home which was very similar as above except the firewall
was built in the modem, which allow all out-going sessions. In this case, I
can establish two sessions on two different PCs simultaneously.

It is very confusing. Does the proxy cache the session and disallow the
second connection from second PC? Or the NAT locks the VPN channel with first
internal IP and disallow other new IP to use the same PPTP channel?

Any comment will be appreciated. Thanks!

Yuggie
 
I don't know Linux, but sone router or firewall allow only one VPN session.

Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.

Hi, all

I need to create VPN sessions for WinXP in LAN to an external Windows 2000
VPN server. When I connect the first workstation, it can log on successfully.
But when I log on with the next one, it will say "verifying username and
password..." then pop-up error 721 (remote server no response). I change to
logon order, the first one always work but the second one can't. Also, I can
create two VPN sessions on the same PC simultaneously.

However, once the first user logoff, the second user has to wait about 5
minute to logon successfully.

I have a Linux firewall (iptables) with Squid (proxy) installed. The
firewall fully opens for outgoing access for the workstations. Port 1723 and
GRE protocol are opened.

The struction of Internet access is, Internet -> ADSL modem -> switch ->
Linux firewall -> LAN. I connected a test PC (different IP from the Linux
firewall) to the switch, it can logon when the LAN workstation was logging on
with the same userID. This means the ADSL modem allow more than one session.

I also tested it at home which was very similar as above except the firewall
was built in the modem, which allow all out-going sessions. In this case, I
can establish two sessions on two different PCs simultaneously.

It is very confusing. Does the proxy cache the session and disallow the
second connection from second PC? Or the NAT locks the VPN channel with first
internal IP and disallow other new IP to use the same PPTP channel?

Any comment will be appreciated. Thanks!

Yuggie
 
Hi, Rob

Thanks for the comment.

I checked with the modem manufacturer. They said the modem allow multiple
vpn sesssions.

Also, in the fourth paragraph of my original message, I mentioned this, "I
connected a test PC (different IP from the Linux firewall) to the switch, it
can logon when the LAN workstation was logging on with the same userID. This
means the ADSL modem allow more than one session".

I disabled the Squid (proxy service) on the firewall but didn't help.

Thanks,

Yujie
===============
 
Back
Top