I forgot to mention that we are using PPTP on the VPN, not IPSec, if this
makes any difference.

> Vance:
> Hard to say. Obviously, you can connect multiple clients to
> a VPN server if it's only one at a time: just switch the settings to
> show who should be connected, and re-start.
> But I suspect you're asking about doing it simultaneously.
> This is tricky. In fact, I suspect it's not possible if you're using your
> LEAF/LRP disk to NAT a single IP address to be shared with your whole
> LAN. That is, IPsec requires the use of both ipmasqadm and ipfwd to
> forward the TCP and AH packets across the NAT'ing firewall. I know that
> the ipmasqadm part can only forward TCP from one IP-address tied to
> the external interface to exactly one machine on your LAN. The ipfwd
> utility, though, may be able to send it to more than one.
>
> So...do you have one external IP address, or a collection of
> them (some ISPs have 5-IP-Address packages, for instance)? If only
> one, I think the short answer is: no, this can't be done.
> Love to be wrong, of course. If someone's gotten this to
> work somehow, start typing. :)
>
> cheers,
> Scott
>
> >What if I want multiple client machines behind a LRP firewall to be able to
> >connect to a VPN server? The echowall rules only allow one MAC id. Or do
> >they? Can this be done?
> >
> >Vance Price
> >
> >>Now your LRP box should be VPN capable. You still need
> >> to configure the firewall to support your client Win98 box,
> >> however. For that, I use echowall. Tell it the MAC-ID of the
> >> box you want to IPSec from, put that into "IPSEC_HOST_MACID"
> >> field in the .conf file. If you don't know the MAC-ID, just use
> >> "echowall scan" to see a list for your whole LAN. Then put IPSEC
> >> into the WANTED_SERVICES list (actually, I think it's there by
> >> default). Once your .conf is updated, use "echowall start" and
> >> it should all fly.
> >>       No, really. :)
>



_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
