RE: [WISPA] IPsec/UDP and my border NAT gateway

2007-01-16 Thread Eric Rogers
: [WISPA] IPsec/UDP and my border NAT gateway I have one rule that I thought would work with all NAT friendly vpns:
# Masquerade for wireless 10.10.0.0
iptables -A POSTROUTING -s 10.10.0.0/16 -o ppp0 -j MASQUERADE
So is this Centerbeam VPN not 'NAT friendly'? I don't currently have the option

[WISPA] IPsec/UDP and my border NAT gateway

2007-01-15 Thread rabbtux rabbtux
Anyone have suggestions on what I need to do to allow my customer to do this type of VPN. I currently have customers behind my linux/iptables firewall that masquerades them out a single IP. This is the first customer who is having problems. Do I need a special rule to accommodate them?? The

RE: [WISPA] IPsec/UDP and my border NAT gateway

2007-01-15 Thread Eric Rogers
head. Do a quick google on iptables IPSec NAT and you should find what you need. Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rabbtux rabbtux Sent: Monday, January 15, 2007 2:45 PM To: WISPA General List Subject: [WISPA] IPsec/UDP and my border

Re: [WISPA] IPsec/UDP and my border NAT gateway

2007-01-15 Thread Butch Evans
On Mon, 15 Jan 2007, rabbtux rabbtux wrote: Anyone have suggestions on what I need to do to allow my customer to do this type of VPN. I currently have customers behind my linux/iptables firewall that masquerades them out a single IP. This is the first customer who is having problems. Do I

RE: [WISPA] IPsec/UDP and my border NAT gateway

2007-01-15 Thread Frank
A Standard Ipsec VPN will use GRE, protocol 47: http://www.iana.org/assignments/protocol-numbers It's not UDP. It appears that CenterBeam VPN uses Cisco gear: http://newsroom.cisco.com/dlls/prod_121201.html If this is the case, then they should be able to encapsulate this into UDP or IP and

RE: [WISPA] IPsec/UDP and my border NAT gateway

2007-01-15 Thread Dennis Burgess - 2K Wireless
Sent: Monday, January 15, 2007 1:45 PM To: WISPA General List Subject: [WISPA] IPsec/UDP and my border NAT gateway Anyone have suggestions on what I need to do to allow my customer to do this type of VPN. I currently have customers behind my linux/iptables firewall that masquerades them out a single

RE: [WISPA] IPsec/UDP and my border NAT gateway

2007-01-15 Thread Dennis Burgess - 2K Wireless
PROTECTED] On Behalf Of Frank Sent: Monday, January 15, 2007 5:05 PM To: 'WISPA General List' Subject: RE: [WISPA] IPsec/UDP and my border NAT gateway A Standard Ipsec VPN will use GRE, protocol 47: http://www.iana.org/assignments/protocol-numbers It's not UDP. It appears that CenterBeam VPN uses

RE: [WISPA] IPsec/UDP and my border NAT gateway

2007-01-15 Thread Frank
Burgess - 2K Wireless Sent: Monday, January 15, 2007 4:36 PM To: 'WISPA General List' Subject: RE: [WISPA] IPsec/UDP and my border NAT gateway In case someone didn't say, if they are using CISCO IPSEC, etc, what happens is this. 1. Client requests via TCP to start a VPN session 2

Re: [WISPA] IPsec/UDP and my border NAT gateway

2007-01-15 Thread rabbtux rabbtux
:[EMAIL PROTECTED] On Behalf Of Dennis Burgess - 2K Wireless Sent: Monday, January 15, 2007 4:36 PM To: 'WISPA General List' Subject: RE: [WISPA] IPsec/UDP and my border NAT gateway In case someone didn't say, if they are using CISCO IPSEC, etc, what happens is this. 1. Client requests via TCP

Re: [WISPA] IPsec/UDP and my border NAT gateway

2007-01-15 Thread Pete Davis
My approach is a little more lazy than most firewall management people provide, I suspect. If a customer isn't able to function within the set of firewall rules that I have set for most of the customers, I add his IP to a whitelist list of IP addresses in my firewall. These addresses don't get