Denis,
> PPTP connection working well via Hairpin NAT 1:1.
Good to hear!
Now if I could ask you for one favour to settle if we need an ALG or not.
Could you analyse all your PPTP sessions (or all sessions that aren't TCP/UDP
for that matter) and determine the total number of concurrent session
Hi, Ole!PPTP connection working well via Hairpin NAT 1:1.Thanks!
--
Yours sincerely,
Denis Lotarev
On Tuesday, June 20, 2017, 5:07:48 PM GMT+5, Ole Troan
wrote:
Denis,
Matus found the issue with hairpinning. Merged fix in
https://gerrit.fd.io/r/#/c/7200/
Please let me know if that also fix
Hi, Oleg!
Today we had issue with one more subscriber under iptables NAT on linux
4.4.35-1-lts. More than one subscriber cannot connecting to any PPTP servers.
We must to loaded two modules nf_nat_pptp and nf_conntrack_pptp. After this
subscribers connect to their servers successfully.
FIY, Linu
Hi Denis,
> Today we are testing SNAT plugin and PPTP connection by public ip and this is
> not working.
> Both machines have a static mapping, we are testing pptp by snat hairpin.
> Even if one machine (in outside VPP netwrok) can trying to connect to machine
> in inside VPP network (with stati
15.06.2017, 08:18, "Denis Lotarev via vpp-dev" :
> Hi, Ole!
> Today we are testing SNAT plugin and PPTP connection by public ip and this is
> not working.
> Both machines have a static mapping, we are testing pptp by snat hairpin.
> Even if one machine (in outside VPP netwrok) can trying to conn
Hi, Ole!Today we are testing SNAT plugin and PPTP connection by public ip and
this is not working.Both machines have a static mapping, we are testing pptp by
snat hairpin.Even if one machine (in outside VPP netwrok) can trying to connect
to machine in inside VPP network (with static mapping by p
> I guess I need to read up on PPTP (sigh).
> Does the protocol work through a 1:1 NAT today?
We need a little time to check this inside VPP network (install any pptp server
inside VPP network and connect via public IPs inside VPP network between server
and client). Or if you are talking about cu
Hi Denis,
> We are trying to test SIP to asterisk (which outside VPP network) port 5060
> UDP and its work normaly via SNAT plugin (static and dynamic nat working
> well).Also we are trying to test SIP to yate (minimal sip server) inside VPP
> network with SNAT hairpin and its work correctly to
Hi, Ole.
We are trying to test SIP to asterisk (which outside VPP network) port 5060 UDP
and its work normaly via SNAT plugin (static and dynamic nat working well).Also
we are trying to test SIP to yate (minimal sip server) inside VPP network with
SNAT hairpin and its work correctly too. And als
Hi!
> Certainly cool if you could find a use for VPP this way.
Yes, we will be glad to use VPP as hight perfomance NAT server in our
infrastructure, if this will work stability :)
Nowaday we are using six servers with double 10G NIC with 12 cpu cores
every.This works on simple SNAT iptables modul
And so for a "joke", we would like to replace six servers with double 10G NICs
running on Linux Iptables by VPP (dpdk) solution, because linux netfilter is so
old, and deprecated (but this supported ALG).
--
Yours sincerely,
Denis Lotarev
On Tuesday, June 13, 2017, 6:23:14 PM GMT+5, wrote:
D
Im agree with you as the end user, that this protocols are insecure and
deprecated, but so on the other hand, as service provider we are should
transmit all client traffic to another point :)Service provider shouldnt tell
the client what protocols to use or not use.And if ISP have about 1 cl
Denis,
> Hi! Im working on Internet service provider, and ALG require for clients
> which connected to their offices via pptp, sip, etc.
> But current SNAT plugin in master (build #2482) doesnt support pptp proto
> inside (maybe sip also).
Yeah, don't use PPTP. Insecure and broken.
SIP applicat
Hi! Im working on Internet service provider, and ALG require for clients which
connected to their offices via pptp, sip, etc.But current SNAT plugin in master
(build #2482) doesnt support pptp proto inside (maybe sip also).
--
Yours sincerely,
Denis Lotarev_
Hi there,
New applications can do this themselves, but what about old applications such
as TFTP?
Regards,
Ewan
yug...@telincn.com
From: otroan
Date: 2017-05-26 16:52
To: yugang
CC: vpp-dev
Subject: Re: [vpp-dev] ALG
Hi there,
> Many applications have two channels, one is data chan
Hi there,
> Many applications have two channels, one is data channel, the other is
> control channel, both have different ports,
> so we need ALG to help these protocols to cut through FW, i think it is a
> pretty important feature and
> it has been surpported by almost every manufacturer on th
devices.
Regards,
Ewan
yug...@telincn.com
From: otroan
Date: 2017-05-23 18:42
To: yugang
CC: vpp-dev
Subject: Re: [vpp-dev] ALG
Hi Ewan,
> Is there any plan to surpport ALG?
I am quite the non-believer with regards to ALGs.
But you can always make a proposal. What ALGs do you need and
Hi Ewan,
> Is there any plan to surpport ALG?
I am quite the non-believer with regards to ALGs.
But you can always make a proposal. What ALGs do you need and why?
Best regards,
Ole
signature.asc
Description: Message signed with OpenPGP
___
vpp-dev ma
Hi all,
Is there any plan to surpport ALG?
Regards,
Ewan
ewan
___
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev
19 matches
Mail list logo
