Hi Grant,

> Is your VPN concentrator / server directly on the internet or is there
> some sort of port forwarding going on. You could use a DMZ, if the
> machine in the DMZ had a globally routable IP, i.e. did not use port
> forwarding of any sort.

Unfortunately the VPN server does not explicitly have a public IP address that would allow it to receive connections. At present, the VPN server is currently sitting behind a DSL router which has a public IP and is receiving connections via DNAT, in particular port 1723 (PPTP) and protocol 47 (GRE). The DMZ setup that the DSL router offers is basically having all connections on the public IP DNAT through to the internal IP address of the VPN server. I have been able to verify this, as the router itself runs a minimal Linux environment which includes using IPTables for its firewalling capabilities (D-Link branded DSL router).

Also, I have already mentioned that moving to another type of connection such as fibre isn’t an option as I cannot afford a connection of this type (I live in

At present the range of connections are as follows:

Dial-Up – Far too slow
DSL – Affordable and very quick
ISDN – Far too pricey ($900 per month not including data charges)
Cable – Only available in certain areas in
Fibre – Far far too pricey ($1,500 per month – 2 Mbps National / 512k International)

Fibre by far would be the best option as I would receive around 7 public IP addresses but as you can see from the cost it just isn’t very feasible for only a VPN solution.

As you also mentioned in your previous email about the limitation of IPTables … are there any workarounds such as using the patch-o-matic patches?

Any comments/suggestions are welcome from anyone.
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc