[Gllug] Recommend an ADSL modem?

Doug Winter doug at pigeonhold.com
Thu Jan 22 09:31:12 UTC 2004


On Wed 21 Jan Formi wrote:
>  We had an efficient networks 586X doing nat and some port forwarding, at
>  some point it started doing strange things, even though it isn't a cheap
>  piece of gear. The only way I found of fixing things was to disable
>  almost everything, and use it as a simple bridge.
> 
>  It's been stable for a few months with just the odd reboot when I
>  remember about it. At some point I would like to set up a VPN to a
>  windows machine, which obviously is sitting behind the linux nat box.
> 
>  Does your statement about VPNs not going through them apply to my
>  situation?

If it's running as a bridge, it does nothing to the IP traffic at all -
it just bridges pppoa to pppoe, so any molesting at the IP layer will
happen wherever you are running your ppp protocol.  

If you have a good IPSec implementation (such as OpenBSD's excellent
one) you shouldn't have any trouble getting that working.  I was
distinctly underwhelmed by the Linux FreeS/WAN stuff, but I understand
2.6 has kernel IPSec support using isakmpd for key exchange, so at least
Linux is catching up there :)

Some VPN protocols work ok through NAT, notably PPTP.  PPTP has other
defects, but we use it here because it requires little user support for
Windows users and it works OK through their now ubiquitous wireless/adsl
gadgets.

Obviously IPSec using ISAKMP is the dog's bollocks as far as VPNs go,
but attempts to get that working through random dodgy NAT boxes should
only be made if you have a large supply of valium handy.

doug.

-- 
6973E2CF print 2C95 66AD 1596 37D2 41FC  609F 76C0 A4EC 6973 E2CF
"Roast Fish and Corn Bread"
    -- Lee Perry
