From: "Rangi Biddle" <rangi@ngen.net.nz>
To: lartc@vger.kernel.org
Subject: [LARTC] RE: VPN Solution
Date: Tue, 21 Nov 2006 08:16:25 +0000
Message-ID: <001101c70d45$590edfc0$0101010a@lamachine>
In-Reply-To: <000601c70d37$a48d3b30$0101010a@lamachine>


Hi Grant,

 

> Is your VPN concentrator / server directly on the internet or is there
> some sort of port forwarding going on.  You could use a DMZ, if the machine
> in the DMZ had a globally routable IP, i.e. did not use port forwarding of
> any sort.

 

Unfortunately the VPN server does not explicitly have a public IP address
that would allow it to receive connections.  At present, the VPN server is
currently sitting behind a DSL router which has a public IP and is receiving
connections via DNAT, in particular port 1723 (PPTP) and protocol 47 (GRE).
The DMZ setup that the DSL router offers is basically having all connections
on the public IP DNAT through to the internal IP address of the VPN server.
I have been able to verify this, as the router itself runs a minimal Linux
environment which includes using IPTables for its firewalling capabilities
(D-Link branded DSL router).

 

Also, I have already mentioned that moving to another type of connection
such as fibre isn't an option as I cannot afford a connection of this type
(I live in New Zealand).  Other alternative connections to DSL are not very
affordable and we are very limited to the connection types that we can
choose from.

 

At present the range of connections are as follows:

 

Dial-Up - Far too slow
DSL - Affordable and very quick
ISDN - Far too pricey ($900 per month not including data charges)
Cable - Only available in certain areas in New Zealand
Fibre - Far far too pricey ($1,500 per month - 2 Mbps National / 512k
International)

 

Fibre by far would be the best option as I would receive around 7 public IP
addresses but as you can see from the cost it just isn't very feasible for
only a VPN solution.

 

As you also mentioned in your previous email about the limitation of
IPTables, are there any workarounds such as using the patch-o-matic patches?

 

Any comments/suggestions are welcome from anyone.
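
An added example, not part of the original message: a small audit of an `iptables-save` NAT dump that distinguishes the two forwarding modes described above, the PPTP-specific pair (tcp/1723 plus GRE, protocol 47) and the router's "DMZ" mode that DNATs everything to one host. The addresses, the sample dump and the function names are constructed for illustration.

```python
import shlex

# Constructed nat-table excerpt: 192.0.2.10 stands in for the router's public
# IP and 192.168.1.10 for the internal VPN server (both are assumptions).
SAMPLE = """\
*nat
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -d 192.0.2.10/32 -p gre -j DNAT --to-destination 192.168.1.10
-A PREROUTING -d 192.0.2.10/32 -j DNAT --to-destination 192.168.1.10
COMMIT
"""

def parse_dnat(dump):
    """Return the PREROUTING DNAT rules as dicts (proto, dport, to)."""
    rules = []
    for line in dump.splitlines():
        tok = shlex.split(line)
        opt = lambda flag: tok[tok.index(flag) + 1] if flag in tok[:-1] else None
        if tok[:2] != ["-A", "PREROUTING"] or opt("-j") != "DNAT":
            continue
        target = opt("--to-destination")
        if target:
            rules.append({"proto": opt("-p"), "dport": opt("--dport"),
                          "to": target.split(":")[0]})  # drop an optional :port
    return rules

def audit(dump):
    """Summarise, per internal host, which kinds of forward point at it."""
    hosts = {}
    for r in parse_dnat(dump):
        h = hosts.setdefault(r["to"], {"pptp_control": False, "gre": False,
                                       "catch_all": False})
        if r["proto"] is None:
            h["catch_all"] = True            # no -p: every protocol and port
        elif r["proto"] in ("gre", "47"):
            h["gre"] = True                  # PPTP data channel
        elif r["proto"] == "tcp" and r["dport"] == "1723":
            h["pptp_control"] = True         # PPTP control channel
    return hosts

def findings(dump):
    out = []
    for host, h in audit(dump).items():
        if h["catch_all"]:
            out.append(f"{host}: catch-all DNAT (router DMZ mode) exposes every service on the host")
        if h["pptp_control"] != h["gre"]:
            out.append(f"{host}: PPTP needs both tcp/1723 and GRE forwarded; only one is present")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```
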

