by /dev/nul » Sun, 18 Aug 2002 01:47:40
I'm currently looking to upgrade my 2.2 kernel to the 2.4 and I run VPN masq
with ipchains.
To do VPN NAT/MASQ with the 2.4 kernel, will I have to patch it? Are there
any resources on this?
Thanks!
by Steve Cowle » Sun, 18 Aug 2002 04:23:09
> I'm currently looking to upgrade my 2.2 kernel to the 2.4 and I run VPN
masq
> with ipchains.
> To do VPN NAT/MASQ with the 2.4 kernel, will I have to patch it? Are
there
> any resources on this?
If your wanting to establish multiple outbound VPN's from behind your
firewall, then my understanding is you will need to apply the connection
tracking patch mentioned at John Hardin's website.
Also, I believe the above rules apply if your wanting to masquerade a VPN
server behind your firewall. FWIW: I run a masq PPTP server behind my
2.4.x/iptables based firewall, but I have not tried to simultainiosly
connect from two different ip address. Maybe someone else can verify this.
As far as resources, I use "shorewall" to configure iptables. Checkout:
www.shorewall.net The Documentation for shorewall contains a chapter on
VPN's which might help you in your quest to migrate from 2.2.x to 2.4.x
Steve Cowles
remove the _ to reply
by /dev/nul » Sun, 18 Aug 2002 14:13:00
Excellent. Thank you.Quote:> If your simply wanting to establish a single outbound PPTP/IPSEC (esp) VPN
> from behind your firewall, then the 2.4.x kernel/netfilter package works
> fine without any patches. At least I've had no problems and I'm running
> stock 2.4.x kernels on my firewall without any patches.
Ah yes, on occasion I have two internal boxes that connect to VPN on theQuote:> If your wanting to establish multiple outbound VPN's from behind your
> firewall, then my understanding is you will need to apply the connection
> tracking patch mentioned at John Hardin's website.
What about running a VPN on the firewall box? No masq or NAT required, so IQuote:> Also, I believe the above rules apply if your wanting to masquerade a VPN
> server behind your firewall. FWIW: I run a masq PPTP server behind my
> 2.4.x/iptables based firewall, but I have not tried to simultainiosly
> connect from two different ip address. Maybe someone else can verify this.
wow, don't think I had ever seen shorewall before. Looks promising. ThanksQuote:> As far as resources, I use "shorewall" to configure iptables. Checkout:
> www.shorewall.net The Documentation for shorewall contains a chapter on
> VPN's which might help you in your quest to migrate from 2.2.x to 2.4.x
well, I've already thanked you three times, here's the rest I owe:
thanks a 999,997!
by Steve Cowle » Sun, 18 Aug 2002 21:05:44
> What about running a VPN on the firewall box? No masq or NAT
> required, so I expect no problems, correct?
:-) Good LuckQuote:> > As far as resources, I use "shorewall" to configure iptables. Checkout:
> > www.shorewall.net The Documentation for shorewall contains a chapter on
> > VPN's which might help you in your quest to migrate from 2.2.x to 2.4.x
> wow, don't think I had ever seen shorewall before. Looks promising.
> Thanks again.
> well, I've already thanked you three times, here's the rest I owe:
> thanks a 999,997!
Steve Cowles
remove the _ to reply
1. OpenBSD 2.9 (IPF & NAT) Firewall & Microsoft VPN problem
2. Some Questions on Solaris 2.6
3. &&&&----Looking for a unix shell------&&&&&
4. How to read lines backwards from a file?
5. Problem with VPN & Masqueraded IP under 2.4 kernel
6. ttys
7. ppp && PPPoE && ADSL && net && buffer(s)
9. 没有人用中文吗?
10. HTB & Redhat 7.x & kernel 2.4.x
11. &&&&&& SUGGESTION ??? &&&&&&&&
12. SiS630 chipsets && linux 2.4.x kernel == snails pace?
13. Multiple & vs. && and | vs. || bugs in 2.4 and 2.5