If you could get your VPN administrator to let you IPSEC in with ESP vs. using AH, things will work. Beyond that, YES, you could terminate the AH IPSEC tunnel on the MASQ server itself and then with a little routing, get everything working. Like Jamin's email said, check out http://www.freeswan.org for full details.

The only problem with this is if your MASQ server gets broken into, the hostile users will have full access to your work's network too!

--David

>My company has just installed VPN tunnelling between PIX firewalls which uses
>IPsec (AH).
>
>At home I have a Linux box with Masq to allow my 2 or 3 PCs to access the
>world through a single link.
>
>If I install VPN clients on my PCs at home, they can't connect to the PIX
>firewalls because the VPN encryption occurs BEFORE the MASQ, and therefore
>the VPN packets are modified, which the AH encryption doesn't accept.
>
>Does anyone know if I can install VPN after the MASQ on the Linux server,
>thereby encrypting the messages AFTER modifying it (and better still, only
>requiring the installation of VPN tunnelling once, for all PCs on my network)
>
>Regards, Tim
>
>+------------------------------------------------+
>| [EMAIL PROTECTED]                              |
>| IT Manager - Carrington Wire Cardiff           |
>| PO Box 56, Pengam Works, Cardiff CF24 2WR      |
>| Tel:+44(0) 29 20256100 Fax:+44(0) 29 20256101  |
>| www.CarringtonWire.com                         |
>+------------------------------------------------+

.----------------------------------------------------------------------------.
|  David A. Ranch - Linux/Networking/PC hardware        [EMAIL PROTECTED]    |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'

_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
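
Why the MASQ box breaks the AH check discussed in this thread while an ESP integrity check survives, as an added example that is not part of the original messages: a simplified Python model of what each protocol's integrity check value (ICV) covers, following RFC 4302 (AH) and RFC 4303 (ESP). The key, SPI, addresses and payload are constructed, ESP encryption is omitted, and HMAC-SHA1-96 is an assumed transform.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"  # constructed sample key, not from the thread
AH, ESP = 51, 50               # IP protocol numbers

def mac(data):
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]  # HMAC-SHA1-96

def ip_header(src, dst, proto, body_len, ttl=64):
    # 20-byte IPv4 header; checksum left at 0 because this model never checks it
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ah_input(pkt):
    # Bytes AH authenticates: IP header with mutable fields zeroed, AH header
    # with a zeroed ICV, then the payload. The IP addresses stay in.
    hdr = bytearray(pkt[:20])
    hdr[1] = 0              # TOS
    hdr[6:8] = b"\0\0"      # flags + fragment offset
    hdr[8] = 0              # TTL
    hdr[10:12] = b"\0\0"    # header checksum
    return bytes(hdr) + pkt[20:32] + b"\0" * 12 + pkt[44:]

def build(proto, src, dst, payload):
    spi_seq = struct.pack("!II", 0x1000, 1)          # constructed SPI, sequence 1
    if proto == AH:
        ah = struct.pack("!BBH", 6, 4, 0) + spi_seq  # next header, length, reserved
        pkt = ip_header(src, dst, AH, 24 + len(payload)) + ah + b"\0" * 12 + payload
        return pkt[:32] + mac(ah_input(pkt)) + pkt[44:]
    body = spi_seq + payload                         # encryption omitted in this model
    return ip_header(src, dst, ESP, len(body) + 12) + body + mac(body)

def route(pkt):
    # Ordinary forwarding: only the TTL (a mutable field) changes
    return pkt[:8] + bytes([pkt[8] - 1]) + pkt[9:]

def masq(pkt, public_src):
    # Masquerading: forward, then rewrite the source address
    pkt = route(pkt)
    return pkt[:12] + socket.inet_aton(public_src) + pkt[16:]

def verify(pkt):
    # Receiver side: recompute the ICV from the bytes that actually arrived
    if pkt[9] == AH:
        return hmac.compare_digest(pkt[32:44], mac(ah_input(pkt)))
    return hmac.compare_digest(pkt[-12:], mac(pkt[20:-12]))  # outer IP header not covered

if __name__ == "__main__":
    for proto, name in ((AH, "AH"), (ESP, "ESP")):
        p = build(proto, "192.168.1.10", "203.0.113.1", b"constructed payload")
        print(name, "routed:", verify(route(p)), "masqueraded:", verify(masq(p, "198.51.100.7")))
```

The model covers only the integrity check; key exchange and how the MASQ box tracks ESP flows, which carry no port numbers, are outside it.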
