Firewall Wizards mailing list archives

RE: VPN Problems


From: "Bradley Schatz" <bradley () tripledash com>
Date: Thu, 16 Aug 2001 14:07:18 +0100

What recommendations would one have for VPNs that would work over these
kinds of restrictions? (assuming interoperation with say Win32 &
Linux/BSD)

L2TP seems to be the only candidate I have found.

-bradley


-----Original Message-----
From: Lucas Thompson [mailto:Lucas.Thompson () watchguard com]
Sent: 13 August 2001 23:19
To: 'Ryan Russell'; Jason Wu
Cc: firewall-wizards () nfr com
Subject: RE: [fw-wiz] VPN Problems


This is very often a problem where ISPs filter IP 50 or 51.  A really good
way to test it is to use the traceroute that comes with OpenBSD.
OpenBSD's traceroute allows you to use arbitrary IP protocol numbers instead
of just UDP or ICMP like most of them.  Then sniff at your site(s) to see if
it gets through.

I just wish I had a Linux port of it  :)

lucas

-----Original Message-----
From: Ryan Russell [mailto:ryan () securityfocus com]
Sent: Friday, August 10, 2001 4:53 PM
To: Jason Wu
Cc: firewall-wizards () nfr com
Subject: Re: [fw-wiz] VPN Problems



On Thu, 9 Aug 2001, Jason Wu wrote:

> Hi, has anyone on this list had any problems with their VPNs that can be
> traced to something the ISP is doing?

Sure.  I've had ISPs not pass the packet types I needed them to, despite
their claims that they do no filtering.  Do a traceroute some time and see
how many ISPs you cross.

> I want to get an idea of how prevalent it is for ISPs to filter VPN
> traffic or to perform NAT causing AH to break etc.

Yes, any of that will break AH.  Or GRE.  Or IPinIP, etc...

> Also, how have you worked around these limitations?

Change ISPs or VPN software.

But at least I'm not bitter or cynical about it. :)

Note that it is explicitly against the policies of some ISPs to use a VPN.

                                      Ryan

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
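
The thread notes that NAT breaks AH. The sketch below is an added example, not code from any poster: a simplified model of the AH integrity check (HMAC-SHA1-96, IPv4 without options) showing that an ordinary router hop still verifies while a source-address rewrite does not. The key, addresses, SPI and sequence number are constructed.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"   # constructed SA key for this example only

def csum(hdr):
    """Internet checksum over a 20-byte header whose checksum field is zero."""
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def with_csum(hdr):
    """Return the 20-byte header with a freshly computed checksum."""
    hdr = hdr[:10] + b"\0\0" + hdr[12:]
    return hdr[:10] + struct.pack("!H", csum(hdr)) + hdr[12:]

def icv(key, pkt):
    """HMAC-SHA1-96 over the packet with mutable fields and the ICV zeroed."""
    b = bytearray(pkt)
    b[1] = 0                 # TOS: routers may change it
    b[6:8] = b"\0\0"         # flags + fragment offset
    b[8] = 0                 # TTL: decremented at every hop
    b[10:12] = b"\0\0"       # header checksum follows the fields above
    b[32:44] = bytes(12)     # ICV field inside the AH header
    return hmac.new(key, bytes(b), hashlib.sha1).digest()[:12]

def build(key, src, dst, data, ttl=64):
    """IPv4 (protocol 51) + 24-byte AH header + payload, with the ICV filled in."""
    ah = struct.pack("!BBHII", 6, 4, 0, 0x1001, 1) + bytes(12)  # SPI/seq constructed
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ah) + len(data), 1, 0,
                     ttl, 51, 0, socket.inet_aton(src), socket.inet_aton(dst))
    pkt = bytearray(with_csum(ip) + ah + data)
    pkt[32:44] = icv(key, bytes(pkt))
    return bytes(pkt)

def verify(key, pkt):
    """Receiver side: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(pkt[32:44], icv(key, pkt))

def router_hop(pkt):
    """Ordinary forwarding: decrement TTL and fix the checksum."""
    return with_csum(pkt[:8] + bytes([pkt[8] - 1]) + pkt[9:20]) + pkt[20:]

def nat(pkt, new_src):
    """Source NAT: rewrite the source address and fix the checksum."""
    return with_csum(pkt[:12] + socket.inet_aton(new_src) + pkt[16:20]) + pkt[20:]

if __name__ == "__main__":
    p = build(KEY, "10.0.0.5", "192.0.2.10", b"hello")
    print(verify(KEY, p), verify(KEY, router_hop(p)), verify(KEY, nat(p, "198.51.100.7")))
```

The source address is covered by the ICV and the NAT device does not hold the key, so it cannot recompute a valid value after rewriting the header.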