Date:      Wed, 31 Oct 2001 12:34:09 +0200
From:      Ruslan Ermilov <ru@FreeBSD.ORG>
To:        Jon Drukman <jsd@cluttered.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: VPN + NATD = possible?
Message-ID:  <20011031123409.D61563@sunbay.com>
In-Reply-To: <4.3.2.7.2.20011009140006.00b822d8@10.10.10.1>; from jsd@cluttered.com on Tue, Oct 09, 2001 at 02:02:59PM -0700
References:  <4.3.2.7.2.20011009140006.00b822d8@10.10.10.1>

On Tue, Oct 09, 2001 at 02:02:59PM -0700, Jon Drukman wrote:
> i was searching the freebsd archives for info on this but i am unclear what 
> the deal is.
> 
> i have a windows 2000 box trying to use vpn.  my freebsd box provides ipfw 
> and natd.  i allowed the gre protocol through ipfw, and i set up a port 
> redirect for port 1723.  it doesn't seem to connect though.  i read 
> somewhere about vpn's that use packet checksums to verify that the data 
> hasn't been tampered with, and since natd messes with the packet headers, 
> that would throw off the checksums.  i'm not sure if that has anything to 
> do with this.  we're using a nortel vpn in case that matters.
> 
> any advice?  i need to be able to run the vpn through my freebsd 
> box...  (or is there some way i can run vpn software ON the freebsd box and 
> connect from my windows box through it?)
> 
It's unclear from the above what you are trying to do:

1)  Use Win2K box as a VPN client to connect to an external VPN server
    through NAT.

2)  Use Win2K box as a VPN server listening on TCP port 1723.

natd(8) (actually, libalias(3)) has all the required support for
both of these options, except it does not work when more than one
internal client connects to the same external server at the same
time; see libalias(3) manpage's BUGS section.


Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
