But the client DOES allow SSH outbound; I can access my home server from this location. So... the question becomes: is it possible to tunnel IPSec over SSH? Kind of like an IPSec-Squid proxy thing? Has anyone ever done this? Is it even possible? Has anyone ever accomplished this and, if so, how?
Um, you are aware that IPSec uses protocols 50 and/or 51, right? Not IP (number 0). I'd be very surprised if there was a proxy that supported this kind of thing.
However, there is always more than one way to do it. Check out Etherpuppet: http://www.cartel-securite.fr/pbiondi/projects/etherpuppet
It will let you essentially create a tunnel between two hosts at an interface level. Create an Etherpuppet tunnel through SSH from inside the network to somewhere outside that allows IPSEC, then IPSEC from that site to wherever your ultimate IPSEC destination is.
Pain in the ass, but it would work. What you are trying to do is (to my knowledge) not easy.
Mike
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
