Firewall Wizards mailing list archives
Re: linux-ipsec: IP tunnel over a NAT (IP masq) possible ?
From: "Kurt Seifried" <listuser () seifried org>
Date: Fri, 16 Jul 1999 14:23:56 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hello everybody, I have the following problem: I have a machine behind a NAT
performing [snipsnip]
-The operating system: Linux
Use manual keying, should do the trick. To do auto keying the pluto's would need to talk to each other, you could forward port 500 in, but as you said you do not control the NAT box. As for automagically bringing the link up as needed (ala diald I guess you are thinking) no problem with leaving it up, no packets moving means no realy resource usage. At home I have a K5/100 running Email, Squid, IPMasq, IPSec, Samba, DNS, FTP, etc, no problems if you set it up right and tune the various things well. If you wanna be paranoid, setup a manually keyed tunnel from a to b, then using that you can setup an auto keyed tunnel (since they can talk to each other), although that would result in a LOT of overhead.
Any ideas and suggestions are welcomed. Many thanks, Florian P.S: Maybe this were not the most appropriate forums were to ask. If that is the case, appologies in advance. Any hint in this respect
will
be appreciated.
I think this is entirely the right forum since I;m sure other people have wondered this. - -Kurt Seifried, MCP+I, MCSE https://www.seifried.org/kurt/ Linux Administrator's Security Guide https://www.seifried.org/lasg/ -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.0.2 iQA/AwUBN4+U2Ib9cm7tpZo3EQJUrwCeKpDK6QkMHSOLYlbCPdp5F1qTwukAoPi7 7+plQZVuQuKz3sI7qyRCJFDR =3Prj -----END PGP SIGNATURE-----
Current thread:
- IP tunnel over a NAT (IP masq) possible ? Otel Florian-Daniel (Jul 16)
- Re: linux-ipsec: IP tunnel over a NAT (IP masq) possible ? Kurt Seifried (Jul 16)
- Re: IP tunnel over a NAT (IP masq) possible ? Steven Brown (Jul 16)
- Re: linux-ipsec: IP tunnel over a NAT (IP masq) possible ? John D. Hardin (Jul 18)
- VS: IP tunnel over a NAT (IP masq) possible ? Pekka Turunen (Jul 19)
- Re: linux-ipsec: VS: IP tunnel over a NAT (IP masq) possible ? O . Schnapauff (Jul 20)
- Re: linux-ipsec: VS: IP tunnel over a NAT (IP masq) possible ? John D. Hardin (Jul 20)
- Re: linux-ipsec: VS: IP tunnel over a NAT (IP masq) possible ? O . Schnapauff (Jul 20)