On Thursday 26 December 2002 09:21 am, you wrote:
> I want to VPN out to my work using a client running Windows XP Pro and
> Nortel Extranet Client. Before going to the LRP box, I was running an
> application in Windows called WinRoute Pro, and all I did was map the
> following ports to get VPN working on the client. The WinRoute Pro
> machine was NOT the machine I was VPN-ing from. All this on a DSL
> Connection.

That's fine, other than Dachstein blocks the ports/protocols being used.
What your portmapper is doing is a standard IPsec setup, and all documents
including the one (not finished) I wrote at:
http://leaf.sourceforge.net/devel/guitarlynn/ipsec.txt

> Create mapped port for ESP:
> Protocol: Other 50
> Listen IP: <unspecified>
> Destination IP: the private IP address of the client PC

Open the firewall for protocol 50.

> IKE port mapping:
> Protocol: UDP
> Listen IP: <Unspecified>
> Listen port: 500
> Destination IP: the private IP address of the client PC
> Destination port: 500

Open and port_forward udp port 500.

> Now, the Windows Client has a static IP of 192.168.1.25 and can get out
> to the Internet.

This would be the destination of the port_forward(s).

> Now, do I really need to load all the IPSec modules? I would think that
> port mapping would be sufficient.

Yes, you will, to pass the connection through the firewall. There is
only one ipsec.o module to load.
-- 
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
