VPN problems

Craig White plug-discuss@lists.PLUG.phoenix.az.us
Mon, 07 Jan 2002 15:29:41 -0700


Tom Achtenberg wrote:
> 
> I'm passing this on for my boss.  It has to do with does Qwest do address translation on their DSL accounts with MSN ISP.  If anyone here has any info it would be a help.
> -----------------------------------------------------------------------------------------------------------------
> 
> Do the new MSN DSL "modems" do NAT translation, or are they real routers?
> 
> If MSN is selling NAT'd internet, there is a good chance that it will not work with a VPN of any kind, unless the routers support "VPN Passthrough". This concurs with what the logs seem to indicate (the VPN tunnel is brought up, but GRE traffic does not get passed).
> 
----
If your connection is the same one that your mail came
from (63.172.181.253), then that is a public IP address and not NAT'd.

That being said, your original question was about Qwest on one end &
AT&T on the other. Qwest, as ISP, does not block those protocols, for
sure. AT&T seemed to hamper them the last time I tried to use a dial-up
account on AT&T to a PPTP/Microsoft VPN, and it was so slow it wasn't
usable. We used a different dial-up account to a local ISP.

I haven't a clue about MSN as ISP, but I can tell you that I wouldn't let
my clients make the switch to MSN as ISP; I would have switched them to
a different local provider that doesn't use PPP - preferably one that
uses bridging mode like Primenet (or whatever their name is these days,
or there are many, many others). Too much latency in PPP mode, and by the
time you get a fixed IP address, your pricing is up the same as a better
quality / full time connection with fixed IP addresses and you will have
less NIMDA trash bandwidth suckage.

Lastly, if you are playing with Microsoft VPN technology, you really
ought to be using their L2TP stuff and not their PPTP. Better yet, get a
couple of Cisco 1720 VPN\MK9's and use IPSEC, or 2 boxes on each end
running Linux with IPSEC.

Craig