Date: Thu, 29 Mar 2001 08:40:03 -0800
From: "Hervey Wilson" <herveyw@dynamic-cast.com>
To: <freebsd-questions@FreeBSD.ORG>
Subject: Re: NATD on a VPN account
Message-ID: <002f01c0b86e$e886b6f0$0101a8c0@chillipepper>
References: <95B669A7D872D41182A600508BDFFB8C01BECAE5@mlbmx7.ess.harris.com> <44n1a4h9gn.fsf@lowellg.ne.mediaone.net>

Lowell Gilbert <lowell@world.std.com> writes:

> rpotts@harris.com (Potts, Ross) writes:
>
> > Is it true that VPN will break the SMB connectivity from NATted boxes to another
> > LAN? Right now we are paying a fairly good sized bill for a 256k slice off of a
> > T1 that is mostly voice. Every PC has its own IP address. My communications
> > office says that if I were to host these PCs with NATD over a VPN connection to
> > the main subnet (they are considering broadband on our end for cost), that there
> > would be a breakage in the connection to their NT PDC/BDCs and shares. Would a
> > router/firewall with carefully scripted rules keep us connected, in regards to
> > SMB?
>
> Most VPN technology will not work through a NAT. If encryption is applied to
> addresses, and a router changes the addresses, then obviously it's going to
> break. You might be able to use an encrypted tunnel *within* the VPN, but the
> logical topology (and the address assignments) would get pretty complicated.
>
> I realize this explanation was very brief; ask further questions if it's unclear.

I certainly don't profess to know all the details here; only what I've experienced.

I tunnel from a Win2k / WinXP machine through a FreeBSD server running natd to my employer's VPN (i.e. MS-PPTP). Once the connection is established I can access all shares, www, etc. on machines inside my employer's office, which implies that I am authenticated with the PDC. I haven't tried in quite a while, but in the past have also managed to connect to the home machine from the office (note: connection is always established from home -> office).

Now, what I have seen in the past are problems accessing other local machines at home when the PPTP connection is established: the Win box establishes a new IP address from my employer's DHCP servers and this seems to confuse things.

For the natd server, I believe that PPTP is tunneled over GRE (protocol 47) and IP is only used for connection establishment.

As I said, I don't know all the details, so suggest you verify this for your own configurations.

H.
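
The following is an added example, not part of the original message and not natd code. It parses constructed packets to show what a NAT box can key on for the two kinds of PPTP traffic: the control connection on TCP port 1723 and the tunnelled data in enhanced GRE (IP protocol 47), which carries a 16-bit Call ID instead of ports. The function names, addresses and sample packets are assumptions made for the illustration; the port and header layout follow RFC 2637.

```python
import struct

TCP, GRE = 6, 47            # IP protocol numbers
PPTP_CONTROL_PORT = 1723    # PPTP control connection (RFC 2637)
PPP_OVER_GRE = 0x880B       # protocol type in PPTP's enhanced GRE header

def ipv4(proto, payload, src=b"\xc0\xa8\x01\x0a", dst=b"\xc6\x33\x64\x01"):
    """Build a constructed IPv4 packet (checksum left at 0, sample addresses)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, 64, proto, 0, src, dst)
    return hdr + payload

def nat_key(packet):
    """Return the fields a NAT has available to map this packet to a host."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    proto, l4 = packet[9], packet[ihl:]
    if proto == TCP and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        kind = "pptp-control" if PPTP_CONTROL_PORT in (sport, dport) else "tcp"
        return (kind, sport, dport)
    if proto == GRE and len(l4) >= 8:
        flags, ptype, _plen, call_id = struct.unpack("!HHHH", l4[:8])
        # Enhanced GRE: version field (low 3 bits) is 1, type is 0x880B.
        if flags & 0x0007 == 1 and ptype == PPP_OVER_GRE:
            return ("pptp-gre", call_id)   # no ports, only a 16-bit Call ID
        return ("gre",)
    return ("other", proto)

# Constructed samples: one control segment, one tunnelled data packet.
CONTROL = ipv4(TCP, struct.pack("!HH", 1048, 1723) + bytes(16))
DATA = ipv4(GRE, struct.pack("!HHHHI", 0x3001, PPP_OVER_GRE, 4, 0x1234, 1)
            + b"\xff\x03\x00\x21")
PLAIN_GRE = ipv4(GRE, struct.pack("!HH", 0, 0x0800) + bytes(20))

if __name__ == "__main__":
    for name, pkt in (("control", CONTROL), ("data", DATA), ("gre", PLAIN_GRE)):
        print(name, nat_key(pkt))
```

A firewall in front of the NAT host has to pass both TCP 1723 and IP protocol 47 for a session like the one described to come up; a rule set that only allows TCP and UDP lets the control connection through and drops the data channel.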