PPTP VPN server: two connections from the same IP address, but different devices?

Question

I have two shops and the office. Shops are connected to the internet via same internet provider, but they are in the different parts of the city and use different connections of course. This internet provider uses NAT so my both two shops have the same externally visible IP address.

Office is connected to the internet using different provider and has static IP.

The text here says

The PPTP protocol does not allow two VPN connections from the same remote IP address

Is that really so? Is this a physical limitation? I've tried to connect to the same PPTP VPN server from home where my both notebook and laptop are connected to internet using one router. Both connections from both machines were successfully established.

Is there any problem in the situation where two devices connect to the same VPN server and have same external IP? I need each of my shops to see office network and office network to see each shop's network. There is no need for the shops to see each other.

Answer 1

The PPTP protocol uses GRE (Generic Routing Encapsulation) for transporting the payload data. The GRE protocol unlike tcp/udp/etc has no ports that can be used to uniquely identify packets from each other that cross a NAT.

The PPTP protocol does use the optional Key header to store a length, call id, and sequence number. But some NAT implementations simply don't have the required code to dig into the GRE headers and extract the call id from the key header. This means that they simply use the destination IP addresses to distinguish one packet from another.

I just scanned through the PPTP RFCs, and I didn't see any place where multiple sessions per IP was specifically mentions as not being possible, so my though is that the docs for that PPTP implementation just put the comment in their because of the common difficulty with PPTP and NAT.

• PPTP https://www.rfc-editor.org/rfc/rfc2637
• GRE https://www.rfc-editor.org/rfc/rfc1701