Re: VPN question

This is all true, but one thing to check before embarking on this rather large project is whether your VPN falls into this category of "can't be NATted VPNs" in the first place.
Of the VPN solutions I've used, only IPSEC minds if the IPs are NATted, and if I remember correctly, IPSEC minds even if it's a one-to-one NAT.


So I'd suggest you simply configure your router/firewall to NAT all those internal IPs to the same external IP and see if it works, before starting to set up a more complicated solution.


Ok, so you are CLIENTS connecting to a VPN server. That whole scenario you were speaking of is called NAT (private IP addresses are mapped to a single public IP address. The router/firewall keeps track of the connections).

That is not the problem though. The issue is that some encryption technologies do not allow the connections to be NATed because your data packets are "mangled" to achieve this, and the encryption protocol requires packets to be unmodified so as to verify integrity.

You have two options. The first option is to get the people hosting the VPN server to change what they are doing into something more NAT friendly (but loses a level of security) or work with them to set up a VPN server in your network that builds a connection with their VPN server. Then, you set up info on your routing tables to route over it. This way, you have a single VPN connection, and all your clients send data over it.


----- Original Message ----- From: "Tony Gogoi" <tgogoi@xxxxxxxxxxxxxxx>
To: "Adam Lang" <aalang@xxxxxxxxxxxxxxxxxxxx>
Cc: <linux-admin@xxxxxxxxxxxxxxx>
Sent: Monday, August 16, 2004 2:50 PM
Subject: Re: VPN question



Hi Adam,

I'm not too familiar with VPNs.

But our PC's sit on a LAN behind a firewall. A few PC's are VPN clients.
Right now we have configured our firewall to map VPN clients on the
private LAN to static external IP addresses. The rest of the PC's on the
LAN are mapped to a single IP address. We are running out of external IP
addresses. Was wondering if there was a way out instead of having to buy
more IP addresses.


So, I was wondering if there's a set up that could make our PC's connect
to some sort of VPN server at our end which would act as a gateway to the
actual server located far away.


Regards,
Tony

On Mon, 16 Aug 2004, Adam Lang wrote:

> Obvious first question is: why is it a problem?
> ----- Original Message -----
> From: "Tony Gogoi" <tgogoi@xxxxxxxxxxxxxxx>
> To: <linux-admin@xxxxxxxxxxxxxxx>
> Sent: Monday, August 16, 2004 12:30 PM
> Subject: VPN question
>
>
> >
> > Hello,
> >
> > Right now when we use the VPN each of our computers needs a unique
> > external IP-address to communicate with the server.
> >
> > To overcome the problem of having a few external IP addresses,
> > I was wondering if there's any software that would map all clients'
> > external IP addresses to one unique IP address and communicate with the
> > server through another software that would "decrypt" the unique IP address
> > into individual ones.
> >
> > Regards,
> > Tony Gogoi
> > -
> > : send the line "unsubscribe linux-admin" in
> > the body of a message to majordomo@xxxxxxxxxxxxxxx
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
>



Tony Gogoi
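
The point made in the thread, that NAT "mangles" packets an integrity check expects to arrive unmodified, shown as an added example (not code from any of the posters). It is a simplified model: an IPsec AH-style check value that includes the IP addresses is compared with an ESP-style one that covers only the payload; the key, addresses and payload are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"  # constructed; stands in for a negotiated key


def build_packet(src, dst, payload, proto=51):
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload


def icv_with_header(packet):
    """AH-style check value: fields routers change in transit are zeroed,
    but the source and destination addresses stay inside the MAC."""
    h = bytearray(packet[:20])
    h[1] = 0                   # TOS
    h[6:8] = b"\x00\x00"       # flags + fragment offset
    h[8] = 0                   # TTL
    h[10:12] = b"\x00\x00"     # header checksum
    return hmac.new(KEY, bytes(h) + packet[20:], hashlib.sha1).digest()[:12]


def icv_payload_only(packet):
    """ESP-style check value: covers only what follows the outer IP header."""
    return hmac.new(KEY, packet[20:], hashlib.sha1).digest()[:12]


def nat_rewrite_source(packet, new_src):
    """What source NAT does to the outer header (checksum fix-up omitted)."""
    return packet[:12] + ipaddress.IPv4Address(new_src).packed + packet[16:]


def survives_nat(icv_func, packet, new_src):
    """True if the receiver's check still passes after the NAT rewrite."""
    sent_icv = icv_func(packet)
    received = nat_rewrite_source(packet, new_src)
    return hmac.compare_digest(sent_icv, icv_func(received))


if __name__ == "__main__":
    pkt = build_packet("192.168.1.10", "198.51.100.7", b"constructed payload")
    for f in (icv_with_header, icv_payload_only):
        print(f.__name__, survives_nat(f, pkt, "203.0.113.5"))
```

The header-covering check fails after even a one-to-one address rewrite, while the payload-only check passes. Passing the check is not the whole story for many-to-one NAT, since ESP carries no port numbers for the NAT device to track, which is what UDP encapsulation (NAT traversal) addresses.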



