On Oct 18, 2009, at 4:47 PM, Tom Mazzotta wrote:

> When the astlinux box is behind a NAT, what ports/protocol do I need
> to forward to the box for IPsec to work with another astlinux box on
> the Internet?

You would need to forward ESP (raw IP 50) and IKE (UDP 500), and NAT-T (UDP 4500), but I'm not certain even astlinux 0.7 supports astlinux-to-astlinux IPSEC with either endpoint behind NAT.

I'm assuming that wouldn't work unless possibly the astlinux box behind NAT had the IPSEC local address set to the public IP address of the NAT-ing router, Philip can correct me. Both Astlinux boxes must have 'static' public IP addresses for IPSEC. Only try this with 0.7 and enable NAT-T.

On the other hand, this can be done with 0.7 and OpenVPN. Port forward UDP 1194 on either or both astlinux endpoints that are behind NAT... set one endpoint to be OpenVPN Server and the other to OpenVPN Client with matching credentials. Defining the proper OpenVPN route configuration is the tricky part for most.

Lonnie

_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to [email protected].
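
The forwards named in the reply above, written out as iptables rules (an added example, not part of the original message). It assumes the NAT router runs Linux with iptables; the function names, interface `eth0` and address `192.168.1.10` are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules. Assumes the NAT
# router runs Linux; eth0 and 192.168.1.10 are constructed sample values.

# fwd_rule PROTO DPORT WAN_IF LAN_IP
# One DNAT rule plus the matching FORWARD accept. DPORT "-" means the
# protocol has no ports: ESP is IP protocol 50, not a UDP or TCP port.
fwd_rule() {
    match="-p $1"
    if [ "$2" != "-" ]; then match="$match --dport $2"; fi
    echo "iptables -t nat -A PREROUTING -i $3 $match -j DNAT --to-destination $4"
    echo "iptables -A FORWARD -i $3 -d $4 $match -j ACCEPT"
}

# vpn_forward_rules MODE WAN_IF LAN_IP
#   ipsec   -> ESP (IP protocol 50), IKE (UDP 500), NAT-T (UDP 4500)
#   openvpn -> UDP 1194
vpn_forward_rules() {
    mode=$1; wan=$2; lan=$3
    # Accept only digits and dots in the address, and a plain interface
    # name, so the printed rules are safe to hand to a root shell.
    case $lan in
        *[!0-9.]*|"") echo "bad LAN address: $lan" >&2; return 2 ;;
    esac
    case $wan in
        *[!A-Za-z0-9._-]*|"") echo "bad interface: $wan" >&2; return 2 ;;
    esac
    case $mode in
        ipsec)
            fwd_rule 50  -    "$wan" "$lan"
            fwd_rule udp 500  "$wan" "$lan"
            fwd_rule udp 4500 "$wan" "$lan"
            ;;
        openvpn)
            fwd_rule udp 1194 "$wan" "$lan"
            ;;
        *)
            echo "usage: vpn_forward_rules ipsec|openvpn WAN_IF LAN_IP" >&2
            return 2
            ;;
    esac
}

# Constructed sample: WAN on eth0, AstLinux box at 192.168.1.10.
vpn_forward_rules ipsec eth0 192.168.1.10
```

Review the printed rules, then pipe them to `sh` as root on the router.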
