RE: [STN] A Final plea to John Lombardo

Ian McDermid Tue, 29 May 2001 02:52:48 -0700
Jim,

What we need here is the ability to masquerade the encrypted payload. The kernel that 
STN is compiled with is 2.0.33, 2.0.37 had the patches in.

Basically, you need this facility if you are using a PIX or Firewall1 as your Internet 
access point. The UDP (Port 500) packets are sent OK. However, masquerade works by 
changing the source address form your private range to IP address given to you by your 
ISP. This is the problem, if the source address is changed the checksum fails so the 
firewall rejects the packet.

If you go to Google and search for IPSEC masquerade it has a much better description 
than I can give.

PPTP is a TCP protocol that can survive masquerade with the current STN version

Ian.


-----Original Message-----
From:   Jim Harris [SMTP:[EMAIL PROTECTED]]
Sent:   None
To:     [EMAIL PROTECTED]
Subject:        RE: [STN]  A Final plea to John Lombardo

I am a little confused here.....

Ian (and others) are clambering for IPSEC masq, (and I'll vote for that 
too. . . but...)

1.  Will someone please remind me what it -IS-??
2.  Stan is making noises like this means STN does not support outbound 
(from home to work via STN) VPN...... it either does not work - or does 
not masq properly???

The version of STN -I- have, does, repeat DOES support outbound VPN. (I 
think, but am not sure, that it does not support -INBOUND- VPN)

I have a work laptop that I can plug into the network at my job, and due 
to the way I have DNS configured on my "home" network - I can plug it in 
here, and it can find the gateway, etc. just fine.  In fact, I often use 
my home network, and associated cable connection thru STN, to make 
outbound VPN connects to my job.  I connect thru to the network - 
download test files, start servers and services, and otherwise go hog 
wild.  No problem....

Maybe I am missing something??

Jim

Stan Simmons wrote:
> I second that! My company will be closing all holes in the firewall and
> putting in a VPN system this summer. I am going to have to leave STN 
> (after
> several years of happy use) when this happens unless an update happens 
> soon.
> I am not happy about this.
> 
> Stan
> 
> > -----Original Message-----
> > From: Ian McDermid [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, May 28, 2001 6:42 PM
> > To: '[EMAIL PROTECTED]'
> > Subject: [STN] A Final plea to John Lombardo
> >
> >
> > John,
> >
> > Would you consider releasing a new version say 2.1.4 that
> > incorporates kernel 2.0.39. This kernel supports IPSEC
> > masquerade. This forum is full of people who want this facility
> > so they communicate with PIX/Firewall1 systems.
> >
> > Regards
> >
> > Ian
> >
> > ====================
> > Transfer balances from high-interest credit cards to your
> > NextCard(r) Visa(r) and start saving money instantly! Apply Now!
> > http://click.topica.com/caaacd1bz8Rp2bAfyGsf/NextCard
> > ====================
> >
> > --
> > Visit http://www.ShareTheNet.com for info about ShareTheNet
> > Visit http://www.topica.com/lists/sharethenet for info about this list
> > To Unsubscribe send email to: [EMAIL PROTECTED]
> >
> >
> 

============================================================
Visit Ancestry.com for a FREE 14-Day Trial and enjoy access
to the No. 1 Source for Family History Online. Search over 1
Billion names and trace your family tree today. Click here:
http://click.topica.com/caaab7bbz8Rp2bAurhVf/MyFamily
============================================================

--
Visit http://www.ShareTheNet.com for info about ShareTheNet
Visit http://www.topica.com/lists/sharethenet for info about this list
To Unsubscribe send email to: [EMAIL PROTECTED]



===========================================================Experience Home Delivery of 
THE NEW YORK TIMES!
~~<< * * * Y O U   D E S E R V E  I T * * * >>~~
Now, at 50% OFF, you can also afford it! Click Below:
http://click.topica.com/caaab5Abz8Rp2bAfyICf/NYTimes
===========================================================
--
Visit http://www.ShareTheNet.com for info about ShareTheNet
Visit http://www.topica.com/lists/sharethenet for info about this list
To Unsubscribe send email to: [EMAIL PROTECTED]

==^================================================================
EASY UNSUBSCRIBE click here: http://topica.com/u/?bz8Rp2.bAfyIC
Or send an email To: [EMAIL PROTECTED]
This email was sent to: [email protected]

T O P I C A -- Register now to manage your mail!
http://www.topica.com/partner/tag02/register
==^================================================================
application/ms-tnef
RE: [STN] A Final plea to John Lombardo

Reply via email to
