Multiple Concurrent PPTP Connections

Understand why more than one PPTP connection from the same IP source can be a problem.

John Savill

October 1, 2014


Q: I'm trying to establish more than one concurrent PPTP VPN connection from a network behind a NAT device, but only the first connection gets connected; why?

A: Point-to-Point Tunneling Protocol (PPTP) traffic is uniquely identified by a source IP address and the Call ID field in the GRE header. When multiple clients behind a common Network Address Translation (NAT) device connect to the same VPN endpoint, they all have the same source IP address. Because the different VPN clients are unaware of each other, they might choose the same Call ID, which prevents multiple connections because the VPN endpoint has no way to differentiate between them. The resolution is for the NAT device in front of the clients to support a PPTP editor, which monitors PPTP tunnel creation and creates separate mappings to unique Call IDs as required. Windows RRAS NAT supports a PPTP editor automatically, as do many NAT devices.

One trick I've found that can help is instead of using an IP address for the target VPN server on the VPN client, use a DNS name instead (even if it's an entry in the HOSTS file), which makes the PPTP editor work on some NAT devices.
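
The Call ID collision and the mapping a PPTP editor keeps can be modelled in a few lines. This is an added example, not code from the article or from any NAT product: the `PptpEditor` class, the addresses and the Call ID values are constructed for illustration, and only the enhanced GRE header layout (protocol type 0x880B, Call ID in the low half of the key field) comes from the PPTP specification, RFC 2637.

```python
import struct

GRE_PPTP = 0x880B  # protocol type used by PPTP's enhanced GRE header

def build_gre(call_id, seq, payload=b""):
    """Enhanced GRE header with key and sequence number present, version 1."""
    return struct.pack("!HHHHI", 0x3001, GRE_PPTP, len(payload), call_id, seq) + payload

def gre_call_id(pkt):
    flags, proto, _length, call_id = struct.unpack("!HHHH", pkt[:8])
    if proto != GRE_PPTP or (flags & 0x0007) != 1:
        raise ValueError("not a PPTP GRE packet")
    return call_id

class PptpEditor:
    """Hypothetical NAT helper: one unique outside Call ID per inside session."""
    def __init__(self):
        self.out_map = {}  # (inside_ip, inside_call_id) -> outside_call_id
        self.in_map = {}   # outside_call_id -> (inside_ip, inside_call_id)
        self.next_id = 1

    def translate_out(self, inside_ip, call_id):
        """Called when a tunnel is created; returns the Call ID seen outside."""
        key = (inside_ip, call_id)
        if key not in self.out_map:
            if self.next_id > 0xFFFF:
                raise RuntimeError("Call ID space exhausted")
            self.out_map[key] = self.next_id
            self.in_map[self.next_id] = key
            self.next_id += 1
        return self.out_map[key]

    def translate_in(self, pkt):
        """Restore the client's own Call ID and pick the inside host to deliver to."""
        inside_ip, inside_id = self.in_map[gre_call_id(pkt)]
        return inside_ip, pkt[:6] + struct.pack("!H", inside_id) + pkt[8:]

def demo():
    nat_ip = "203.0.113.5"                                  # constructed public address
    clients = [("192.168.1.10", 7), ("192.168.1.11", 7)]    # constructed: same Call ID
    plain = {(nat_ip, cid) for _ip, cid in clients}         # no editor: one key, collision
    editor = PptpEditor()
    edited = {(nat_ip, editor.translate_out(ip, cid)) for ip, cid in clients}
    reply = build_gre(editor.translate_out(*clients[1]), seq=1, payload=b"ppp")
    return len(plain), len(edited), editor.translate_in(reply)
```

`demo()` returns the number of distinct (source IP, Call ID) pairs without and with the editor, followed by the inside host and rewritten packet for a reply addressed to the second client.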
