> John D. Hardin's VPN masq HOWTO
> (http://www.tldp.org/HOWTO/VPN-Masquerade-HOWTO.html) states he's not sure
> about the state of vpn masq on the 2.4 kernel.
> I'm currently looking to upgrade my 2.2 kernel to the 2.4 and I run VPN
> with ipchains.
> To do VPN NAT/MASQ with the 2.4 kernel, will I have to patch it? Are
> any resources on this?
If your simply wanting to establish a single outbound PPTP/IPSEC (esp) VPN
from behind your firewall, then the 2.4.x kernel/netfilter package works
fine without any patches. At least I've had no problems and I'm running
stock 2.4.x kernels on my firewall without any patches.
If your wanting to establish multiple outbound VPN's from behind your
firewall, then my understanding is you will need to apply the connection
tracking patch mentioned at John Hardin's website.
Also, I believe the above rules apply if your wanting to masquerade a VPN
server behind your firewall. FWIW: I run a masq PPTP server behind my
2.4.x/iptables based firewall, but I have not tried to simultainiosly
connect from two different ip address. Maybe someone else can verify this.
As far as resources, I use "shorewall" to configure iptables. Checkout:
www.shorewall.net The Documentation for shorewall contains a chapter on
VPN's which might help you in your quest to migrate from 2.2.x to 2.4.x
remove the _ to reply