* Linux firewall + NAT Traversal + IPsec
@ 2005-04-07 17:49 John Mok
  2005-04-08 12:39 ` Sietse van Zanen
  0 siblings, 1 reply; 3+ messages in thread
From: John Mok @ 2005-04-07 17:49 UTC (permalink / raw)
  To: netfilter

Hi,

I'm new to Linux. Is it possible to make a Linux box with firewall + NAT, 
such that client PC(s) from the NATed internal network could connect to 
a VPN gateway on the Internet :-

 client PC ----- Linux iptables firewall + NAT ---- Internet ---- IPsec VPN gateway
 192.168.x.x/16                                                   (e.g. Checkpoint FW-1)
 (VPN client)

I hope someone could help to advise what software / kernel patch is 
required on the Linux box to make NAT traversal work and where to get the 
HOWTO(s)?

Thanks a lot.

John Mok




* RE: Linux firewall + NAT Traversal + IPsec
  2005-04-07 17:49 Linux firewall + NAT Traversal + IPsec John Mok
@ 2005-04-08 12:39 ` Sietse van Zanen
  2005-04-08 19:35   ` Taylor, Grant
  0 siblings, 1 reply; 3+ messages in thread
From: Sietse van Zanen @ 2005-04-08 12:39 UTC (permalink / raw)
  To: netfilter

As far as I know, you would not need anything on the Linux box.

It will all depend on whether the client and server IPSEC implementations
support IPSEC NAT T(raversal).

Microsoft's IPSEC implementation does. But has some drawbacks.


* Re: Linux firewall + NAT Traversal + IPsec
  2005-04-08 12:39 ` Sietse van Zanen
@ 2005-04-08 19:35   ` Taylor, Grant
  0 siblings, 0 replies; 3+ messages in thread
From: Taylor, Grant @ 2005-04-08 19:35 UTC (permalink / raw)
  To: Sietse van Zanen, netfilter

If I understood John correctly he is wanting to use his Linux IPSec firewall
/ NAT router as one end of the IPSec VPN tunnel.  If that is indeed the case
then yes Linux can be configured to do so.  You will need to look at
FreeS/WAN (dying / defunct (as I know it)) and / or OpenS/WAN (alive and
kicking very strongly).  There are some interoperability incompatibilities
between different IPSec implementations between FreeS/WAN / OpenS/WAN and
other vendor's IPSec VPN products.  I personally know that I have gotten
OpenS/WAN (version unknown at the moment) to work with Linksys BFEVP41
(first version) routers as long as I keep a ping flowing through the VPN.



Grant. . . .

> As far as I know, you would not need anything on the Linux box.
>
> It will all depend on whether the client and server IPSEC implementations
> support IPSEC NAT T(raversal).
>
> Microsoft's IPSEC implementation does. But has some drawbacks.


