[pptp-server] Sanity Check -- NAT + VPN

Jordan Share iso9 at phantasticant.com
Thu Sep 6 14:21:32 CDT 2001


Ah, I forgot to mention.  The nice thing about using IPSec is that it is an interoperable protocol.  The LANs at the colo center are protected by a Netscreen100 firewall, which talks IPSec just fine with freeswan.  The VTUN solution that was mentioned is much more proprietary.

But, I've often seen people recommend it, so whatever will work best for you.  Me, I like standards. :)

Jordan

P.S. One more caveat that I just remembered: if you are using NAT at some point between the IPSec gateways, things get a bit more tricky.  But my IPSec gateway at the office is behind a 1-to-1 NAT box (a Webramp 700s, *shudder*), and it's still talking fine with my Linux box at home, and the Netscreen100 at the colo.  I wasn't able to get it to talk to Win2k's built-in IPSec when the Win2k box was behind a 1-to-1 NAT box, but I didn't try very hard, because I figured it'd just be easier to put IPSec on my gateway.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Jordan Share
Sent: Thursday, September 06, 2001 12:08 PM
To: Christopher Kalos; Poptop Mailing List
Subject: RE: [pptp-server] Sanity Check -- NAT + VPN


Why not use FreeS/WAN?  http://www.freeswan.org/

It's the IPSec software for Linux.  I found it to be relatively straightforward to set up, and there is a lot of assistance available on the mailing list.

I'm using PPTP for win2k clients to VPN into our LAN, and IPSec to connect my home LAN with the office LAN, as well as connect the Office LAN to our colocated LANs.

Everything works flawlessly (although I did have some problems at the beginning with MTU size. :)

Jordan

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Christopher
Kalos
Sent: Thursday, September 06, 2001 9:22 AM
To: Poptop Mailing List
Subject: [pptp-server] Sanity Check -- NAT + VPN


	I've got a group of systems attempting to access our PoPToP VPN from a
remote location.  At this point, they're all sharing a single connection to
the outside world, so they're dealing with a NAT gateway.  I'm certain that
this can't be done, but I'd like to bounce it off of the list first.  Can
multiple clients connect from behind this NAT system to the VPN at the same
time?  If so, how would I go about setting that up?  I know that at the
moment, it fails miserably each time I try to get two users on, which I'll
chalk up to the GRE traffic.

Thanks in advance,
Christopher Kalos
Systems Administrator
Gotham Broadband
212.206.9620 x340

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --
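
Added example, not part of the original thread: a simplified Python model of the failure the original question attributes to GRE traffic. GRE has no ports, so a NAT that tracks it by server address alone cannot tell two PPTP tunnels apart, while one that reads the Call ID from the enhanced GRE header (RFC 2637) can. The addresses, Call IDs, class names and sample packets are constructed for illustration, and Call ID collisions between clients are not modelled.

```python
import struct

GRE_PROTO_PPP = 0x880B  # protocol type used by PPTP's enhanced GRE (RFC 2637)

def build_gre(call_id, payload=b""):
    """Constructed sample packet: K bit set, version 1, no seq/ack fields."""
    return struct.pack("!HHHH", 0x2001, GRE_PROTO_PPP, len(payload), call_id) + payload

def parse_call_id(pkt):
    """Return the 16-bit Call ID from an enhanced GRE header."""
    if len(pkt) < 8:
        raise ValueError("truncated GRE header")
    flags_ver, proto, _plen, call_id = struct.unpack("!HHHH", pkt[:8])
    if (flags_ver & 0x0007) != 1 or not (flags_ver & 0x2000) or proto != GRE_PROTO_PPP:
        raise ValueError("not PPTP enhanced GRE")
    return call_id

class NaiveNat:
    """Assumed model: GRE state keyed on the remote server address only."""
    def __init__(self):
        self.table = {}
    def outbound(self, client_ip, server_ip, call_id):
        self.table[server_ip] = client_ip  # second client overwrites the first
    def inbound(self, server_ip, pkt):
        return self.table.get(server_ip)

class CallIdNat:
    """Assumed model: PPTP-aware NAT keyed on (server address, Call ID)."""
    def __init__(self):
        self.table = {}
    def outbound(self, client_ip, server_ip, call_id):
        self.table[(server_ip, call_id)] = client_ip
    def inbound(self, server_ip, pkt):
        return self.table.get((server_ip, parse_call_id(pkt)))

def simulate(nat):
    """Two clients behind one NAT open tunnels to the same PPTP server.
    Returns {intended client: client the NAT actually delivers to}."""
    server = "203.0.113.10"                                     # constructed
    clients = {"192.168.1.10": 0x0101, "192.168.1.11": 0x0202}  # constructed
    for ip, cid in clients.items():
        nat.outbound(ip, server, cid)
    # Server-to-client GRE carries the Call ID the client chose.
    return {ip: nat.inbound(server, build_gre(cid)) for ip, cid in clients.items()}

if __name__ == "__main__":
    print("naive NAT:  ", simulate(NaiveNat()))
    print("Call-ID NAT:", simulate(CallIdNat()))
```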
