Date: Wed, 31 Oct 2001 08:42:36 -0800
From: Jon Drukman <jsd@cluttered.com>
To: Ruslan Ermilov <ru@FreeBSD.ORG>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: VPN + NATD = possible?
Message-ID: <4.3.2.7.2.20011031084048.00b52418@10.10.10.1>
In-Reply-To: <20011031123409.D61563@sunbay.com>
References: <4.3.2.7.2.20011009140006.00b822d8@10.10.10.1> <4.3.2.7.2.20011009140006.00b822d8@10.10.10.1>
At 12:34 PM 10/31/2001 +0200, Ruslan Ermilov wrote:
>On Tue, Oct 09, 2001 at 02:02:59PM -0700, Jon Drukman wrote:
> > i was searching the freebsd archives for info on this but i am unclear what
> > the deal is.
> >
> > i have a windows 2000 box trying to use vpn. my freebsd box provides ipfw
> > and natd. i allowed the gre protocol through ipfw, and i set up a port
> > redirect for port 1723. it doesn't seem to connect though. i read
> > somewhere about vpn's that use packet checksums to verify that the data
> > hasn't been tampered with, and since natd messes with the packet headers,
> > that would throw off the checksums. i'm not sure if that has anything to
> > do with this. we're using a nortel vpn in case that matters.
> >
> > any advice? i need to be able to run the vpn through my freebsd
> > box... (or is there some way i can run vpn software ON the freebsd box and
> > connect from my windows box through it?)
> >
>
>It's unclear from the above what you are trying to do:
>
>1) Use Win2K box as a VPN client to connect to an external VPN server
>   through NAT.
>
>2) Use Win2K box as a VPN server listening on TCP port 1723.
>
>natd(8) (actually, libalias(3)) has all the required support for
>both of these options, except it does not work when more than one
>internal client connects to the same external server at the same
>time; see libalias(3) manpage's BUGS section.

originally i wanted to just run vpn client on my win2k box and have my freebsd box pass the traffic. i think i did get that to work.

however, i then got ambitious and decided to run the vpn client on freebsd, and provide transparent throughput for all my windows boxes. i did manage to do this too, running multiple instances of natd to handle it. it took a few days of screaming agony but i did figure it out!

if anybody wants to know how to do it, ask me.

-jsd-

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message