Anyone have suggestions on what I need to do to allow my customer to
do this type of VPN. I currently have customers behind my
linux/iptables firewall that masquerades them out a single IP. This
is the first customer who is having problems. Do I need a special
rule to accommodate them??
I would agree with what you have to say about opinions but this was not
opinion. It was a statement based on a misunderstanding of what was
written in a public document about a high profile project.
Peter R. wrote:
Easy there, Dawn.
Muni wireless is just
You have to create a rule to allow the GRE tunnel back to your customer
from the VPN Server IP. Are you forwarding ALL public IP traffic to his
I believe it is Protocol 47 or something like that. You also need to
allow certain udp ports through but I don't remember off the top of my
On Mon, 15 Jan 2007, rabbtux rabbtux wrote:
Kimo- please explain what Webnetic is.
Numbering my responses to Kimo's questions:
1. Right now, a handful of cities (I think they are the 3 Metro-Fi cities in
Silicon Valley, plus Mtn View) are getting 1Mb. This is totally dependent on
the depth of the pockets of Metro-Fi's backers and on the
Where do they guarantee anon usage? I have used both Sunnyvale and Santa
Clara and had to sign up to use it.
No one is going to allow anon usage! Too many things can happen when users
do bad things.
If you were in this business, you would understand.
A Standard Ipsec VPN will use GRE, protocol 47:
It's not UDP.
It appears that CenterBeam VPN uses Cisco gear:
If this is the case, then they should be able to encapsulate this into UDP
or IP and
MetroFi proposes an advertising-supported service with a 1 Mbps connection, or
the same connection without advertisements for $20 a month.
As with many companies operating under self-regulatory privacy norms, MetroFi's
In case someone didn't say, if they are using CISCO IPSEC, etc, what happens:
1. Client requests via TCP to start a VPN session
2. Server sends back UDP packets to start the session
3. NAT/MASQ blocks these un-authed UDP packets.
The two answers are:
1. Tell the customer to change
IPSEC uses the GRE, but also traverses UDP. CISCO VPN clients do use UDP;
they use GRE to do the establishment sometimes as well. The Cisco VPN
client is a pain, regardless, but there is an option for TCP connectivity.
I seem to remember specifically allowing this UDP years ago when I used
iptables, ipfwadm and ipchains.
Once these rules were in place, the Cisco VPN (encapsulated inside UDP)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dennis
Always love you guys. You know where to find me.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Dennis Burgess - 2K Wireless
Sent: Monday, January 15, 2007 6:31 PM
To: 'WISPA General List'
Subject: RE: [WISPA] Looking for Trangos
She don't like us
Looking for Net to Net 6 port ds3 - Ethernet converters ...
Gino A. Villarini
Aeronet Wireless Broadband Corp.
tel 787.273.4143 fax 787.273.4145
WISPA Wireless List: email@example.com
Marlon K. Schafer (509) 982-2181 wrote:
There are already standards in place on what and how to do this for
the DSL industry, cable is working on a standard. The conversation
was more technical than I can recall word for word, but it sounds like
it would be a very very good idea for us to
I have one rule that I thought would work with all NAT friendly vpns:
# Masquerade for wireless 10.10.0.0 (POSTROUTING lives in the nat table, so -t nat is required)
iptables -t nat -A POSTROUTING -s 10.10.0.0/16 -o ppp0 -j MASQUERADE
So is this Centerbeam VPN not 'NAT friendly'? I don't currently have
the option to pass routable IPs to customers :(
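The passthrough rules the question above is asking about, written out as an added example (this is not code from anyone on the list): the MASQUERADE rule stays, and one customer's VPN traffic is explicitly allowed out and steered back in, which is the "allow the GRE tunnel back from the VPN server IP" approach suggested earlier in the thread. The customer address 10.10.5.20, the concentrator address 198.51.100.10 and the uplink ppp0 are assumed placeholders, not values from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Generates iptables rules that let
# one masqueraded customer reach an IPsec/GRE VPN concentrator.
# Assumed values (placeholders, not from the thread): customer 10.10.5.20,
# concentrator 198.51.100.10, uplink ppp0, customer block 10.10.0.0/16.
LAN_NET="${LAN_NET:-10.10.0.0/16}"

# vpn_passthrough_rules CUSTOMER_IP VPN_SERVER_IP WAN_IF
# Prints the iptables commands instead of executing them, so they can be
# reviewed before they touch a live firewall; pipe the output to sh to apply.
vpn_passthrough_rules() {
    cust="$1"; srv="$2"; wan="$3"

    # Existing masquerade: the whole customer block leaves on one public IP.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $wan -j MASQUERADE"
    # Stateful return path for anything a customer initiated.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # Outbound, only from this customer to this concentrator:
    # IKE (UDP 500), IKE NAT traversal (UDP 4500), ESP (IP protocol 50), GRE (IP protocol 47).
    for match in "-p udp --dport 500" "-p udp --dport 4500" "-p esp" "-p gre"; do
        echo "iptables -A FORWARD -s $cust -d $srv -o $wan $match -j ACCEPT"
    done

    # Inbound: the concentrator's tunnel packets arrive addressed to the public IP.
    # ESP and GRE carry no port, so DNAT them to the one customer and accept them in FORWARD.
    for proto in esp gre; do
        echo "iptables -t nat -A PREROUTING -i $wan -s $srv -p $proto -j DNAT --to-destination $cust"
        echo "iptables -A FORWARD -i $wan -s $srv -d $cust -p $proto -j ACCEPT"
    done
}

# rule_count prints how many iptables commands the generator emits for a given customer.
rule_count() {
    vpn_passthrough_rules "$@" | grep -c '^iptables '
}

# Usage: vpn_passthrough_rules 10.10.5.20 198.51.100.10 ppp0 | sh
# Run without piping to sh to just review the commands.
vpn_passthrough_rules "${CUSTOMER_IP:-10.10.5.20}" "${VPN_SERVER:-198.51.100.10}" "${WAN_IF:-ppp0}"
```

The DNAT half is what makes raw ESP or GRE work behind a masquerading box, and it also shows the limit of that approach: conntrack tracks ESP and GRE generically by address pair only, so one public IP can carry one such tunnel per concentrator. Several customers on the same masqueraded IP need the client to wrap the tunnel in UDP (IKE NAT traversal on UDP 4500, or the Cisco client's UDP/TCP encapsulation option mentioned in the thread), in which case the UDP rules above are all that is required.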
My approach is a little more lazy than most firewall management people
provide, I suspect. If a customer isn't able to function within the set
of firewall rules that I have set for most of the customers, I add his
IP to a whitelist of IP addresses in my firewall. These addresses