Re: VPN question

Ok, so you are CLIENTS  connecting to a VPN server.  That whole scenario you
were speaking of is called NAT (private ip addresses are mapped to a single
public ip address.  The router/firewall keeps track of the connections).

That is not the problem though.  The issue is that some encryption
technologies do not allow the connections to be NATed because your data
packets are "mangled" to achieve this, and the encryption protocol requires
packets to be unmodified so as to verify integrity.

You have two options.  The first option is to get the people hosting the VPN
server to change what they are doing into something more NAT friendly (but
loses a level of security) or work with them to set up a VPN server in your
network that builds a connection with their VPN server.  Then, you set up
info on your routing tables to route over it.  This way, you have a single
VPN connection, and all your clients send data over it.

----- Original Message ----- 
From: "Tony Gogoi" <tgogoi@xxxxxxxxxxxxxxx>
To: "Adam Lang" <aalang@xxxxxxxxxxxxxxxxxxxx>
Cc: <linux-admin@xxxxxxxxxxxxxxx>
Sent: Monday, August 16, 2004 2:50 PM
Subject: Re: VPN question


>
> Hi Adam,
>
> I'm not too familiar with VPNs.
>
> But our PCs sit on a LAN behind a firewall.  A few PCs are VPN clients.
> Right now we have configured our firewall to map VPN clients on the
> private LAN to static external IP addresses. The rest of the PCs on the
> LAN are mapped to a single IP address. We are running out of external IP
> addresses. Was wondering if there was a way out instead of having to buy
> more IP addresses.
>
> So, I was wondering if there's a setup that could make our PCs connect
> to some sort of VPN server at our end which would act as a gateway to the
> actual server located far away.
>
> Regards,
> Tony
>
> On Mon, 16 Aug 2004, Adam Lang wrote:
>
> > Obvious first question is: why is it a problem?
> > ----- Original Message -----
> > From: "Tony Gogoi" <tgogoi@xxxxxxxxxxxxxxx>
> > To: <linux-admin@xxxxxxxxxxxxxxx>
> > Sent: Monday, August 16, 2004 12:30 PM
> > Subject: VPN question
> >
> >
> > >
> > > Hello,
> > >
> > > Right now when we use the VPN each of our computers needs a unique
> > > external IP-address to communicate with the server.
> > >
> > > To overcome the problem of having a few external IP addresses,
> > > I was wondering if there's any software that would map all clients'
> > > external IP addresses to one unique IP address and communicate with
> > > the server through another software that would "decrypt" the unique
> > > IP address into individual ones.
> > >
> > > Regards,
> > > Tony Gogoi
> > > -
> > > : send the line "unsubscribe linux-admin" in
> > > the body of a message to majordomo@xxxxxxxxxxxxxxx
> > > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> >
> >
>
>
>
> Tony Gogoi
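
Added example, not part of the original thread: a simplified Python model of the point in Adam Lang's reply above, that an integrity check covering the IP header fails once NAT rewrites the source address, while an ordinary TTL decrement does not break it. The thread does not name the protocol; the header-covering check is modelled on IPsec AH as an assumption, and the key, addresses and payload are constructed.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed sample key, not from the thread

def ip_checksum(header):
    """16-bit one's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src, dst, payload_len, ttl=64):
    """Minimal IPv4 header (protocol 51 = AH) with a valid checksum."""
    def pack(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                           ttl, 51, csum, socket.inet_aton(src), socket.inet_aton(dst))
    return pack(ip_checksum(pack(0)))

def rewrite(header, src=None, ttl=None):
    """On-path change: NAT swaps the source, a router lowers the TTL; checksum is fixed up."""
    h = bytearray(header)
    if src is not None:
        h[12:16] = socket.inet_aton(src)
    if ttl is not None:
        h[8] = ttl
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", ip_checksum(bytes(h)))
    return bytes(h)

def icv_header_and_payload(header, payload):
    """AH-style (assumed model): MAC over the header with mutable fields zeroed, plus payload."""
    h = bytearray(header)
    h[1] = 0                    # TOS
    h[6:9] = b"\x00\x00\x00"    # flags/fragment offset and TTL
    h[10:12] = b"\x00\x00"      # header checksum
    return hmac.new(KEY, bytes(h) + payload, hashlib.sha256).digest()

def demo():
    payload = b"constructed application data"
    sent = build_header("192.168.1.20", "203.0.113.10", len(payload))
    icv = icv_header_and_payload(sent, payload)          # computed by the sender
    body_icv = hmac.new(KEY, payload, hashlib.sha256).digest()  # payload-only check
    ok = lambda hdr: hmac.compare_digest(icv, icv_header_and_payload(hdr, payload))
    return {"unmodified": ok(sent),
            "ttl_decremented": ok(rewrite(sent, ttl=63)),
            "source_natted": ok(rewrite(sent, src="198.51.100.7")),
            "payload_only_after_nat": hmac.compare_digest(
                body_icv, hmac.new(KEY, payload, hashlib.sha256).digest())}
```

The source address is treated as immutable by the header-covering check, so only the NAT rewrite fails verification; a check over the payload alone is unaffected by the address change.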
