On Thu, Nov 22, 2007 at 08:39:43PM +0530, Raja Subramanian wrote: > On 11/22/07, Girish Venkatachalam <[EMAIL PROTECTED]> wrote: > > Here is a promise. You shall have the patch from me sent to tech@ before > > Dec 15. > > Wow! :-) > > Every time I hit the pptp limitation, I start coding and a few hours later > give up in disgust. Over many sittings, I've nearly completed the > userland pptp-proxy, and started on hacking the kernel pf to do a full > NAT on GRE using Call-IDs (in place of tcp/udp port numbers). I have > not tested the kernel bit, but the userland stuff works okay. >
this sound like a better approach, it could make sense to handle just the GRE call-ids in the kernel and the pptp handling in userland. but if the overhead is low enough or the GRE code too complex, it is even better to do everything in userland... > I even started http://sourceforge.net/projects/pptp-proxy, and later > abandoned it. The sourceforge code is ancient, don't use it, the latest > work was never committed. > > Let me know if you want any of my code. > yes, please > Should you decide to go with the userland pptp-proxy approach, it's > important to know that there's a bug in 4.2 that triggers a kernel dump > whenever you call pf ioctl PFIOCADDSTATE with bad args. A fix for > this is available, but I doubt if its worked itself into CURRENT. > > - Raja > reyk
