Lynn Avants wrote:
On Wednesday 17 December 2003 08:33 am, John J. Orsini wrote:
Leaf Users,
This is a general question about the capability of Bering.  I am trying to
connect 2 VPN clients from inside my network to their respective VPN
concentrators.  I have successfully set up the Cisco VPN client to
communicate to my wife's company.  One of the clients is a Cisco and the
other is for Checkpoint.  My question is, does Bering support VPN pass-through
like a Linksys or Dlink router?  Is there a way to set up Bering so that it
works dynamically, instead of setting up all of the port forwarding and
firewall rules by hand? Please let me know.

At this time, the Linux firewalling programs have no way of dynamically port-forwarding more than one pass-through service (such as IPsec) on
a single port (i.e. 500). I know many of the DLinks are running Cisco IOS,
but I can't explain how they accomplish this feat even on IOS.
Simple answer.... no.

You can have multiple VPN clients behind a Linux firewall if they're using the recent NAT traversal configuration. IIRC, instead of using protocols 50/51 for the IPSec data, *ALL* data is sent via UDP, allowing VPN connections to traverse standard NAT/masquerading firewalls.


AFAIK, this would be something you would set up in your VPN software, and should 'just work' with most default firewall configurations.

Note that FreeS/WAN requires a patch to support this functionality, if you're planning on using Linux as one (or both) of the endpoints.

Of course, it's still possible to set up one system for pretty much any VPN flavor using port/protocol forwarding, and there may be some advanced conntrack modules in 2.4 that do fancy things with IPSec packets, but I'm stuck in 2.2 kernel land (for IPSec, anyway) so am not familiar with what new features might be in 2.4.

--
Charles Steinkuehler
[EMAIL PROTECTED]
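
Added illustration, not part of the original messages: a simplified Python model of a masquerading table, showing why the UDP encapsulation described in the reply above lets two clients share one NAT where native ESP does not. The class, function names and addresses are constructed, UDP port 4500 (RFC 3948) is an assumption not stated in the thread, and both clients are assumed to reach the same concentrator.

```python
from dataclasses import dataclass, field

ESP, UDP = 50, 17          # IP protocol numbers
NAT_T_PORT = 4500          # assumption: UDP-encapsulated ESP port from RFC 3948

@dataclass
class MasqNat:
    """Toy masquerading table: maps an inbound reply key to an inside host."""
    next_port: int = 40000
    table: dict = field(default_factory=dict)

    def outbound(self, proto, inside_ip, remote_ip, dport=None):
        if proto == UDP:
            # UDP carries ports, so the NAT can give each flow its own public port.
            key = (UDP, remote_ip, dport, self.next_port)
            self.next_port += 1
        else:
            # ESP has no ports: protocol and remote address are all that is left.
            key = (proto, remote_ip)
        collided = key in self.table and self.table[key] != inside_ip
        self.table[key] = inside_ip      # last writer wins
        return key, collided

    def inbound(self, key):
        """Inside host that a reply matching this key is delivered to."""
        return self.table.get(key)

def run(proto, dport=None):
    """Two inside clients open a tunnel to the same concentrator."""
    nat = MasqNat()
    clients = ["192.168.1.10", "192.168.1.11"]   # constructed addresses
    peer = "203.0.113.5"                          # constructed address
    results = [nat.outbound(proto, c, peer, dport) for c in clients]
    reachable = {nat.inbound(key) for key, _ in results}
    return {"collision": any(c for _, c in results), "reachable": reachable}

if __name__ == "__main__":
    print("native ESP  :", run(ESP))
    print("ESP over UDP:", run(UDP, NAT_T_PORT))
```

In this model the second native-ESP client overwrites the first client's table entry, while the UDP-encapsulated flows keep separate entries because each gets its own public source port.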



