Port forwarding revisited
Derek D. Martin
ddm at mclinux.com
Tue Aug 28 18:27:53 EDT 2001
Bill Horne said:
> However, I also have a VPN client on one of my internal machines (call
> it Omega for illustration), in order to access Verizon's network from
> home. This client works OK when Omega is connected directly to the cable
> modem, but can't originate a connection when the Linux box is doing
> masquerading.

IPSec is not designed to work with NAT; however, some implementations
of VPN software that use IPSec have hacks to make it work. For
example, the Cisco VPN concentrator has a -n option on the Linux
client (and a check box on the Windows client) to enable NAT
transparency. I have no idea what software you're using, so I can't
tell you what to do.

There are also patches to the Linux kernel that help make this work if
your client doesn't do it for you, but I have little knowledge of them
so I can't offer much help there. You might try poking around at
www.freeswan.org for some hints... And I've also heard that they
don't work reliably, but I don't know.

You might also try posting this question on GNHLUG, as there are a
couple of people there who may have answers. You might also mention
what software you're using...

--
Derek Martin
Senior System Administrator
Mission Critical Linux
martin at MissionCriticalLinux.com