Vance:
        Hard to say. Obviously, you can connect multiple clients to
a VPN server if it's only one at a time: just switch the settings to
show who should be connected, and re-start.
        But I suspect you're asking about doing it simultaneously.
This is tricky. In fact, I suspect it's not possible if you're using your
LEAF/LRP disk to NAT a single IP address to be shared with your whole
LAN. That is, IPsec requires the use of both ipmasqadm and ipfwd to
forward the TCP and AH packets across the NAT'ing firewall. I know that
the ipmasqadm part can only forward TCP from one IP-address tied to
the external interface to exactly one machine on your LAN. The ipfwd
utility, though, may be able to send it to more than one.

        So...do you have one external IP address, or a collection of
them (some ISPs have 5-IP-Address packages, for instance)? If only
one, I think the short answer is: no, this can't be done.
        Love to be wrong, of course. If someone's gotten this to
work somehow, start typing. :)

cheers,
Scott

>What if I want multiple client machines behind a LRP firewall to be able to
>connect to a VPN server? The echowall rules only allow one MAC id. Or do
>they? Can this be done?
>
>Vance Price
>
>>Now your LRP box should be VPN capable. You still need
>> to configure the firewall to support your client Win98 box,
>> however. For that, I use echowall. Tell it the MAC-ID of the
>> box you want to IPSec from, put that into "IPSEC_HOST_MACID"
>> field in the .conf file. If you don't know the MAC-ID, just use
>> "echowall scan" to see a list for your whole LAN. Then put IPSEC
>> into the WANTED_SERVICES list ( actually, I think it's there by
>> default). Once your .conf is updated, use "echowall start" and
>> it should all fly.
>>       No, really. :)



_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
