RE: NAT and VPN


What VPN?  Cisco IPSec client?  Other IPSec clients?  PoPToP? ...

Yes, it matters.

For PoPToP there is a module, ip_nat_pptp.

I think for IPSec there are other netfilter modules to provide VPN over a NAT connection.

The reason why is that VPNs require that the packets are not touched (they have a checksum stored within each packet which they check against) and NAT breaks that - it changes the packet, thus changing the checksum value and thus breaking the VPN.

So

you need to find out which VPN it is and you need to google whether there is a Netfilter module available for it!
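Putting the reply's advice into a script (an added example, not from either poster): load the PPTP conntrack/NAT helper and replace a wide-open FORWARD chain with only what PPTP needs. Apart from ip_nat_pptp, the module names, the outside interface eth0 and the rule set are assumptions; the script only prints the commands unless APPLY=1.

```shell
#!/bin/sh
# Added example: PPTP pass-through for clients behind a Linux NAT box.
# APPLY=0 (default) only prints the commands, APPLY=1 runs them (needs root).
WAN_IF="${WAN_IF:-eth0}"           # assumption: outside interface
LAN_NET="${LAN_NET:-10.0.0.0/8}"   # the NATed internal network from the thread
APPLY="${APPLY:-0}"

run() {
    if [ "$APPLY" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Helper module names: ip_nat_pptp is from the thread; the rest are assumed
# (2.4 patch-o-matic names vs. the nf_* names of later kernels, where the GRE
# tracker may already be built into nf_conntrack and modprobe is a no-op/fails).
pptp_helper_modules() {
    case "$(uname -r)" in
        2.4.*) echo "ip_conntrack_proto_gre ip_nat_proto_gre ip_conntrack_pptp ip_nat_pptp" ;;
        *)     echo "nf_conntrack_proto_gre nf_nat_pptp" ;;
    esac
}

load_pptp_helpers() {
    for m in $(pptp_helper_modules); do run modprobe "$m"; done
}

# Minimal FORWARD policy for PPTP instead of "wide open": the TCP/1723 control
# channel and the GRE (IP protocol 47) data channel outbound, conntrack-tracked
# replies inbound (GRE replies only match once the helper is loaded), and
# masquerading of the internal network.
pptp_passthrough_rules() {
    run iptables -A FORWARD -s "$LAN_NET" -o "$WAN_IF" -p tcp --dport 1723 -j ACCEPT
    run iptables -A FORWARD -s "$LAN_NET" -o "$WAN_IF" -p gre -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -d "$LAN_NET" -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

# Quick check for troubleshooting an error 619: are the helpers present? (0 = yes)
pptp_helpers_loaded() {
    for m in $(pptp_helper_modules); do
        lsmod 2>/dev/null | grep -q "^$m " || return 1
    done
    return 0
}

load_pptp_helpers
pptp_passthrough_rules
```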
 
 
-----Original Message-----
From: Derek Storvik [mailto:dstorvik@xxxxxxxxxxxxxx]
Sent: Thursday, June 03, 2004 12:53 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: NAT and VPN

I'm having trouble with NAT and VPN.

I have a Linux server running Fedora Core 1 that is a NAT/FIREWALL/VLAN/DHCP server for a large client network.

Internet
  |
  |
Linux
  |
  |
Large network with many VLANs and 1000 nodes or so.

The internal network is NATed to the 10.0.0.0 network and my clients cannot VPN out to the internet. Specifically they get back an error 619.

What has to be done to allow VPN to traverse through the firewall and NAT? At the moment the firewall rules are wide open to make sure that isn't my issue.

 

Any help would be appreciated.

----------------------------------
Derek Storvik
Network & Systems Administrator
ConsulTech, LLC

Phone: 812.323.8324
Fax: 812.323.1272
E-mail: dstorvik@xxxxxxxxxxxxxx

1441 Fenbrook Lane
Bloomington, IN 47401
----------------------------------
