I have one rule that I thought would work with all NAT-friendly VPNs:

# Masquerade for wireless 10.10.0.0
iptables -t nat -A POSTROUTING -s 10.10.0.0/16 -o ppp0 -j MASQUERADE

So is this Centerbeam VPN not 'NAT friendly'? I don't currently have
the option to pass routable IPs to customers :(

On 1/15/07, Frank <[EMAIL PROTECTED]> wrote:
I seem to remember specifically allowing this UDP years ago when I used
iptables, ipfwadm and ipchains.

Once these rules were in place, the Cisco VPN (encapsulated inside UDP)
worked fine.

Frank


> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Dennis
> Burgess - 2K Wireless
> Sent: Monday, January 15, 2007 4:36 PM
> To: 'WISPA General List'
> Subject: RE: [WISPA] IPsec/UDP and my border NAT gateway
>
> In case someone didn't say, if they are using CISCO IPSEC, etc, what
> happens is this.
>
> 1. Client requests via TCP to start a VPN session
> 2. Server sends back UDP packets to start the session
> 3. NAT/MASQ blocks these un-authed UDP packets.
>
> The two answers are.
>
> 1. Tell the customer to change their CISCO VPN client to TCP, works
> just as good.
> 2. Have the customer pay for a business account and a static IP.
>
> Those are my options for these customers, I have a number of them.
>
> Denni
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of rabbtux rabbtux
> Sent: Monday, January 15, 2007 1:45 PM
> To: WISPA General List
> Subject: [WISPA] IPsec/UDP and my border NAT gateway
>
> Anyone have suggestions on what I need to do to allow my customer to
> do this type of VPN.  I currently have customers behind my
> linux/iptables firewall that masquerades them out a single IP.  This
> is the first customer who is having problems.  Do I need a special
> rule to accommodate them??
>
> The customer is using CenterBeam VPN services, and they tell him that,
> "your isp is blocking VPN pass thru".   I'm not blocking anything.
> help!
>
> Thank you kindly,
> marshall
> --
> WISPA Wireless List: wireless@wispa.org
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
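Added example, not from any message in this thread: a shell function that prints (it does not apply) iptables rules for a MASQUERADE gateway like the one discussed, plus a log rule that shows when the outside server sends UDP the gateway has no mapping for. The function name vpn_nat_rules is hypothetical, and the ports are an assumption: standard IPsec (IKE udp/500, NAT-T udp/4500, ESP), since the thread does not say what CenterBeam actually uses.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; apply them as root
# only after checking them against the existing ruleset.
# Assumption: standard IPsec ports (IKE udp/500, NAT-T udp/4500, ESP proto 50).

vpn_nat_rules() {
    lan="$1"   # customer subnet, e.g. 10.10.0.0/16
    wan="$2"   # outside interface, e.g. ppp0

    # MASQUERADE is only valid in POSTROUTING of the nat table.
    echo "iptables -t nat -A POSTROUTING -s $lan -o $wan -j MASQUERADE"

    # Replies to flows a customer opened match a conntrack entry and are
    # translated back; this rule matters when the FORWARD policy is DROP.
    echo "iptables -A FORWARD -i $wan -d $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # Outbound VPN traffic from customers (also only needed with policy DROP).
    for port in 500 4500; do
        echo "iptables -A FORWARD -s $lan -o $wan -p udp --dport $port -j ACCEPT"
    done
    echo "iptables -A FORWARD -s $lan -o $wan -p esp -j ACCEPT"

    # Unsolicited UDP from outside has no NAT mapping, so it is addressed to
    # the gateway itself and arrives on INPUT as a NEW flow. Logging it shows
    # which source address and port the VPN server is answering from.
    echo "iptables -A INPUT -i $wan -p udp -m conntrack --ctstate NEW -m limit --limit 6/min -j LOG --log-prefix 'nat-unsolicited-udp: '"
}

# Values from the thread's own rule.
vpn_nat_rules 10.10.0.0/16 ppp0
```

If the log shows the server answering from a port the client never sent to, no forwarding rule on the gateway will match those packets to the customer; that is the situation where switching the client to TCP or giving the customer a routable address applies.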