[Gllug] Linux Magic VPN Firewall
Richard Cottrill
richard_c at tpg.com.au
Thu Dec 6 13:44:53 UTC 2001
Related(?) factoid: The Cisco VPN client for Windows has an option that
allows it to work through NAT firewalls (like my smoothie box in this case).
I expect it's talking to genuine Cisco gear. I have no idea if this is a
Cisco extension or a standard IPSec feature though.
Richard
> -----Original Message-----
> From: gllug-admin at linux.co.uk [mailto:gllug-admin at linux.co.uk]On Behalf
> Of Pete Ryland
> Sent: Thursday, December 06, 2001 12:09 PM
> To: gllug at linux.co.uk
> Subject: Re: [Gllug] Linux Magic VPN Firewall
>
>
> On Thu, Dec 06, 2001 at 11:31:54AM +0000, John Edwards wrote:
> > Hi
> > Has anyone had any experience with the Linux Magic VPN Firewall
> > package, especially the IPsec and PPTP side of it ?
>
> Heh, funny you should mention that; I've been trying for a few days to get
> an ipsec vpn working here properly. All I need is for one (windows) host
> (with masqueraded private address) to be able to talk to a vpn
> server on the
> net. So I tried fiddling with the iptables rules, and decided I
> had to run
> the vpn client on the firewall/gateway...
>
> I've updated the gateway/firewall to a 2.4.16 kernel (and don't want to go
> back for a few reasons) which is the main reason none of the vpn software
> works (I spent a few hours the other day trying to apply by hand
> FreeSwan's
> kernel patches before giving up). I've had success only with Cisco's VPN
> 5000 software but it will take over the external interface and not allow
> traffic to the rest of the net, nor allow other machines access
> to the vpn,
> which kinda defeats the purpose.
>
> Seems like a bit of a deadlock, since from what I gather, I can't
> masquerade
> ipsec traffic from inside the local net since the packet mangling
> blows the
> authentication, i.e. the vpn client has to be run on the gateway/firewall.
> This is correct isn't it?
>
> Any ideas anyone? I might give this Magic VPN thingo a try.
>
> Pete
>
> --
> Gllug mailing list - Gllug at linux.co.uk
> http://list.ftech.net/mailman/listinfo/gllug
>
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list