A "Standard" Ipsec VPN will use GRE, protocol 47:

It's not UDP.

It appears that CenterBeam VPN uses Cisco gear:

If this is the case, then they should be able to encapsulate this into UDP
or IP and this should allow the client inside your network to connect. You
may need to verify that your iptables rules are allowing "any" UDP traffic.

The Cisco PIX firewalls and their VPN hardware support this type of
encapsulation expressly for the purpose of passing through NAT gateways.

If the VPN client is not configured for UDP or TCP then there is likely
nothing you can do since GRE and NAT are not always friendly to each other.
Verify that the Cisco Software VPN client on your customer's PC is set to
encapsulate (tunnel) within UDP.

You may need some diagnostic tools like a sniffer (ethereal.com) or use
tcpdump within your Linux firewall. Also, logging dropped packets in your
iptables firewall may also be of assistance.

Thank you

Frank Keeney
Pasadena Networks, LLC
Antennas, Cables and Equipment:


> -----Original Message-----
> From: rabbtux rabbtux
> Anyone have suggestions on what I need to do to allow my customer to
> do this type of VPN.  I currently have customers behind my
> linux/iptables firewall that masquerades them out a single IP.   This
> is the first customer who is having problems.  Do I need a special
> rule to accomodate them??
> The customer is using CenterBeam VPN services, and they tell him that,
> "your isp is blocking VPN pass thru".   I'm not blocking anything.
> help!
> Thank you kindly,
> marshall

WISPA Wireless List: wireless@wispa.org


Archives: http://lists.wispa.org/pipermail/wireless/

Reply via email to