From: Paul Dorman <pauld@cwa.co.nz>
To: gtaylor@riverviewtech.net
Cc: netfilter@lists.netfilter.org
Subject: Re: Seamless communication across VPN link
Date: Fri, 18 Mar 2005 10:11:23 +1300
Message-ID: <1111093883.30955.25.camel@localhost.localdomain>
In-Reply-To: <4239306D.7030101@riverviewtech.net>

Hi Grant,

thanks very much for your reply. Really kind of you to take so much time
to explain things nice and clearly for me.

I had implemented exactly what you described, along with some SNAT rules
to make the packets look like they were coming from the VC unit on the
way back to the provider, but due to complications (H323 & NAT over two
Linux firewalls are *not* cooperative) we had to abandon the whole idea
of NATing. Instead we opted to bypass the ipsec connection for the VC
traffic (which is encrypted anyway) using some policy routing and a
couple of extra aliases on either side of the connection. I was
fortunate enough to stumble onto an alternative kernel for the
Smoothwalls which has the stuff required for source-based policy routing
using iproute2. This approach was successful, and the implications of
not using the ipsec for the H323 traffic aren't too severe as the traffic
is encrypted at any rate, and our wireless is highly directional and
would be difficult to sniff anyway.

Thanks again for staying up late mulling over my predicament. It's
always great to find people like yourself who are so generous with their
time.

Regards,

Paul