From owner-freebsd-questions Wed Oct 31 2:34:44 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65])
    by hub.freebsd.org (Postfix) with ESMTP id 99BE337B405
    for ; Wed, 31 Oct 2001 02:34:35 -0800 (PST)
Received: (from ru@localhost)
    by whale.sunbay.crimea.ua (8.11.6/8.11.2) id f9VAY9D77162;
    Wed, 31 Oct 2001 12:34:09 +0200 (EET)
    (envelope-from ru)
Date: Wed, 31 Oct 2001 12:34:09 +0200
From: Ruslan Ermilov
To: Jon Drukman
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: VPN + NATD = possible?
Message-ID: <20011031123409.D61563@sunbay.com>
References: <4.3.2.7.2.20011009140006.00b822d8@10.10.10.1>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <4.3.2.7.2.20011009140006.00b822d8@10.10.10.1>; from jsd@cluttered.com on Tue, Oct 09, 2001 at 02:02:59PM -0700
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, Oct 09, 2001 at 02:02:59PM -0700, Jon Drukman wrote:
> i was searching the freebsd archives for info on this but i am unclear what
> the deal is.
>
> i have a windows 2000 box trying to use vpn. my freebsd box provides ipfw
> and natd. i allowed the gre protocol through ipfw, and i set up a port
> redirect for port 1723. it doesn't seem to connect though. i read
> somewhere about vpn's that use packet checksums to verify that the data
> hasn't been tampered with, and since natd messes with the packet headers,
> that would throw off the checksums. i'm not sure if that has anything to
> do with this. we're using a nortel vpn in case that matters.
>
> any advice? i need to be able to run the vpn through my freebsd
> box... (or is there some way i can run vpn software ON the freebsd box and
> connect from my windows box through it?)
>

It's unclear from the above what you are trying to do:

1) Use Win2K box as a VPN client to connect to an external VPN server
   through NAT.

2) Use Win2K box as a VPN server listening on TCP port 1723.

natd(8) (actually, libalias(3)) has all the required support for both
of these options, except it does not work when more than one internal
client connects to the same external server at the same time; see
libalias(3) manpage's BUGS section.


Cheers,
-- 
Ruslan Ermilov          Oracle Developer/DBA,
ru@sunbay.com           Sunbay Software AG,
ru@FreeBSD.org          FreeBSD committer,
+380.652.512.251        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age