RE: NAT and VPN

Aldo Lagana <ALagana@xxxxxxx> · Thu, 3 Jun 2004 13:26:22 -0400

What 
VPN?  Cisco IPSec client?  other IPSec clients?  
PoPToP?.....

yes it 
matters

for 
Poptop - there is a module ip_nat_pptp

I 
think for IPSec there are other netfilter modules to provide VPN over a NAT 
connection.

The 
reason why is that VPN require that the packets are not touched (they have a 
checksum stored within each packet which it checks against) and NAT breaks that 
- it chanegs the packet thus changing the new checksum value thus breaking the 
VPN.  

so

you 
need to find out which vpn it is and you need to google if there is a Netfilter 
module available for it.!

  -----Original Message-----
From: Derek Storvik 
  [mailto:dstorvik@xxxxxxxxxxxxxx]
Sent: Thursday, June 03, 2004 12:53 
  PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: NAT and 
  VPN

  I'm having trouble with NAT and 
  VPN   

  I have a linux server running 
  Fedora core 1   that is a NAT/FIREWALL/VLAN/DHCP server for a large 
  client network.

  Internet

  |

  |
  Linux

  |

  |
  Large network with many vlans and 
  1000 nodes or so.

   The internal network is 
  natted to the 10.0.0.0 network and my clients can not VPN out to the 
  internet.   Specifically they get back an error 
  619
  What has to be done to allow VPN 
  to traverse through the firewall and NAT?   at the moment the 
  firewall rules are wide open to make sure that isn't my issue. 

  Any help would be 
  appreciated.
  ----------------------------------
  Derek Storvik
  Network & Systems 
  Administrator
  ConsulTech, LLC

  Phone: 812.323.8324
  Fax: 812.323.1272
  E-mail: dstorvik@xxxxxxxxxxxxxx

  1441 Fenbrook 
  Lane
  Bloomington, IN 47401
  ----------------------------------

Visit our website at http://www.p21.com/visit 

The information in this e-mail is confidential and may contain legally privileged information.  It is intended solely for the person or entity to which it is addressed.  Access to this e-mail by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution, action taken, or action omitted to be taken in reliance on it, is prohibited and may be unlawful.  If you received this e-mail in error, please contact the sender and delete the material from any computer. 