From owner-freebsd-questions Wed Oct 31 8:43:23 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from cluttered.com (w024.z064002058.sjc-ca.dsl.cnc.net [64.2.58.24]) by hub.freebsd.org (Postfix) with ESMTP id EDE9537B401; Wed, 31 Oct 2001 08:43:18 -0800 (PST)
Received: from orgasmotron.cluttered.com (jsd [10.10.10.3]) by cluttered.com (Postfix) with ESMTP id 1438DC984E; Wed, 31 Oct 2001 08:43:20 -0800 (PST)
Message-Id: <4.3.2.7.2.20011031084048.00b52418@10.10.10.1>
X-Sender: jsd@10.10.10.1
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Wed, 31 Oct 2001 08:42:36 -0800
To: Ruslan Ermilov
From: Jon Drukman
Subject: Re: VPN + NATD = possible?
Cc: freebsd-questions@FreeBSD.ORG
In-Reply-To: <20011031123409.D61563@sunbay.com>
References: <4.3.2.7.2.20011009140006.00b822d8@10.10.10.1> <4.3.2.7.2.20011009140006.00b822d8@10.10.10.1>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: 
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe: 
List-Unsubscribe: 
X-Loop: FreeBSD.ORG

At 12:34 PM 10/31/2001 +0200, Ruslan Ermilov wrote:
>On Tue, Oct 09, 2001 at 02:02:59PM -0700, Jon Drukman wrote:
> > I was searching the FreeBSD archives for info on this but I am unclear what
> > the deal is.
> >
> > I have a Windows 2000 box trying to use VPN. My FreeBSD box provides ipfw
> > and natd. I allowed the GRE protocol through ipfw, and I set up a port
> > redirect for port 1723. It doesn't seem to connect though. I read
> > somewhere about VPNs that use packet checksums to verify that the data
> > hasn't been tampered with, and since natd messes with the packet headers,
> > that would throw off the checksums. I'm not sure if that has anything to
> > do with this. We're using a Nortel VPN in case that matters.
> >
> > Any advice? I need to be able to run the VPN through my FreeBSD
> > box... (or is there some way I can run VPN software ON the FreeBSD box
> > and connect from my Windows box through it?)
> >
>It's unclear from the above what you are trying to do:
>
>1) Use Win2K box as a VPN client to connect to an external VPN server
>   through NAT.
>
>2) Use Win2K box as a VPN server listening on TCP port 1723.
>
>natd(8) (actually, libalias(3)) has all the required support for
>both of these options, except it does not work when more than one
>internal client connects to the same external server at the same
>time; see libalias(3) manpage's BUGS section.

Originally I wanted to just run the VPN client on my Win2K box and have my
FreeBSD box pass the traffic. I think I did get that to work. However, I
then got ambitious and decided to run the VPN client on FreeBSD, and
provide transparent throughput for all my Windows boxes. I did manage to
do this too, running multiple instances of natd to handle it. It took a
few days of screaming agony but I did figure it out! If anybody wants to
know how to do it, ask me.

-jsd-

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
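The setup the quoted question describes (GRE allowed through ipfw, TCP port 1723 redirected by natd to the Win2K box, which is Ruslan's option 1 and option 2 at once) written out as an ipfw(8) plus natd(8) configuration. This is an added example, not code from the thread or from the FreeBSD project; the external interface xl0 and the internal address 10.10.10.3 are assumed placeholders and must be changed for a real gateway. The caveat from the reply still applies: libalias handles only one internal PPTP client per external server at a time (see the BUGS section of libalias(3)), so this covers one Windows box, not several behind the same natd.

```shell
#!/bin/sh
# Added example: PPTP (TCP/1723 control channel + GRE, IP protocol 47)
# through a FreeBSD ipfw/natd gateway for a single internal Windows client.
# Not from the mailing-list post. Interface and address are ASSUMED.
#
# Prerequisite (not done here): gateway_enable="YES" in /etc/rc.conf so the
# box forwards packets, and a kernel or module with IPFIREWALL and IPDIVERT.

EXT_IF="xl0"            # assumed external (Internet-facing) interface
PPTP_HOST="10.10.10.3"  # assumed internal Win2K box that speaks PPTP

# natd(8) arguments: NAT everything leaving EXT_IF, and redirect inbound
# TCP/1723 to the internal host so the Win2K box can also act as the PPTP
# server (Ruslan's option 2). For the pure-client case (option 1) the
# -redirect_port is unnecessary but harmless.
natd_args() {
    printf '%s\n' "-n $EXT_IF -redirect_port tcp $PPTP_HOST:1723 1723"
}

# ipfw(8) rules, one per line, in the order they must be installed.
# The divert rule comes first: natd rewrites the addresses and re-injects
# the packet, and ipfw then continues at the rule *after* the divert, so
# the GRE and TCP/1723 allow rules see the translated packet. GRE has no
# ports, so it is matched by protocol name (47 in /etc/protocols).
# These rules are meant to sit in front of whatever default-deny policy
# the gateway already has; they do not replace it.
ipfw_rules() {
    cat <<EOF
add 100 divert natd ip from any to any via $EXT_IF
add 200 allow gre from any to any
add 300 allow tcp from any to any 1723
add 310 allow tcp from any 1723 to any
EOF
}

# Apply the configuration. natd must be running before the divert rule is
# added, otherwise diverted packets are dropped on the floor until it is.
apply() {
    if ! command -v ipfw >/dev/null 2>&1 || ! command -v natd >/dev/null 2>&1; then
        echo "ipfw/natd not found; nothing applied" >&2
        return 1
    fi
    # shellcheck disable=SC2046  # word splitting of the argument list is intended
    natd $(natd_args)
    ipfw_rules | while read -r rule; do
        # shellcheck disable=SC2086
        ipfw -q $rule
    done
}

# Run as "sh pptp-nat.sh apply" on the gateway; with no argument it only
# defines the functions so the ruleset can be inspected with ipfw_rules.
case "${1:-}" in
    apply) apply ;;
esac
```

To check what would be installed without touching the firewall, source the script and call `ipfw_rules`; to confirm a live setup, `ipfw show` should count packets on rule 200 (GRE) once the tunnel is up, and a stuck count of zero there with traffic on rule 300 is the classic sign that GRE is being blocked or not translated.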