Re: Connecting to VPN Router That's Behind Another Router
- From: Burkhard Ott <postmaster@xxxxxxxxx>
- Date: Fri, 1 Feb 2008 07:45:50 +0000 (UTC)
On Thu, 31 Jan 2008 23:15:03 +0100, Wolfgang Kueter wrote:
> Read my lips: You do *NOT* want to terminate an IPSec VPN on a private
> IP behind a NAT device. You *want* to terminate it on a public, routable IP.
Why not? First, you can control the traffic even on the first device; the
bad thing is you can only say it is an encrypted ESP packet.
If I use my roadwarrior access via openswan I do the same thing, only the
direction is turned around (IPSec pass through).
> The device with the three interfaces might be an old PC running Linux
> with 3 or more NICs if you want to use cheap hardware. OpenSWAN and
> iptables will do all what you want but you need some skills to get
> everything running.
Also, OpenBSD does a good job :).
> For a serious thing get a serious device, netgear is mostly cheap crap.
> Wolfgang
Yes, I totally agree with you, especially in the described environment.
Cheers