Without looking at this in any depth, it appears you are trying to
ipsec from behind a NAT router and I don't believe that will work.
Why will Charter not hand out a public address?
Maybe you should inquire. Then you'd have to, if I'm right, not do NAT
on the D-Link.
IPSec is, of course, they say, and are working on it,
NATable, but it is really designed
as a point-to-point tunnel, with subnets behind the endpoints.
Jonathan French <[EMAIL PROTECTED]> on 06/21/2002 12:13:50 PM
To: [EMAIL PROTECTED]
cc: (bcc: Phillip Watts/austin/Nlynx)
Subject: [leaf-user] Double Private Network / FreeS/WAN problem
Howdy,
I've been setting up a VPN. One of my clients has a Charter Pipeline
internet connection at home, and wants to communicate with the LEAF box
at his work via FreeS/WAN. I got him a D-Link firewall box to stick
between his cable modem and his computer as an added layer of security.
Then I had him do a traceroute to www.yahoo.com so I could get his
"nexthop" information to configure /etc/ipsec.conf. From this file, I
noted:
1 192.168.0.1 {d-link box}
2 10.d.e.f {Charter Pipeline gateway saving IPs!}
3 24.205.g.h {a real IP that can be pinged from the outside world}
4 {and so forth to www.yahoo.com}
So his network looks like:
192.168.0.115 {internal machine address}
|
|
192.168.0.1 {d-link internal address}
10.a.b.c {d-link external address}
|
|
10.d.e.f {Charter cable internal gateway}
24.205.g.h {Charter cable external gateway - pingable from outside}
Charter Pipeline is apparently saving money by using IP masquerading
themselves. This leaves me with a problem defining "right /
rightnexthop / rightsubnet" in /etc/ipsec.conf. Any ideas?
Thanks,
Jon
-------------------------------------------------------
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
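
Added example, not part of the original thread: a Python check that reads traceroute output shaped like the hop list Jon posts and reports the private hops that precede the first publicly routable one. The addresses in SAMPLE are constructed (the thread masks the real ones), the function names are hypothetical, and the "second private hop" rule is a heuristic assumption.

```python
import ipaddress
import re

# RFC 1918 private ranges plus the RFC 6598 shared range used by carrier-grade NAT.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# Matches "N  a.b.c.d ..." and "N  host (a.b.c.d) ..."; "N  * * *" does not match.
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:\S+\s+\()?(\d{1,3}(?:\.\d{1,3}){3})")

# Constructed sample shaped like the hop list in the thread.
SAMPLE = """\
traceroute to www.example.com (198.51.100.7), 30 hops max
 1  192.168.0.1  0.9 ms
 2  10.20.30.1  8.1 ms
 3  gw.example.net (203.0.113.1)  9.4 ms
 4  * * *
 5  198.51.100.7  20.2 ms
"""

def parse_hops(text):
    """Return [(hop_number, IPv4Address)], skipping headers and unanswered hops."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), ipaddress.ip_address(m.group(2))))
    return hops

def nat_report(hops):
    """Collect the leading non-routable hops and the first routable one."""
    private, first_public = [], None
    for _, ip in hops:
        if any(ip in net for net in NON_ROUTABLE):
            private.append(str(ip))
        else:
            first_public = str(ip)
            break
    return {
        "private_hops": private,
        "first_public": first_public,
        # Heuristic (assumption): a second private hop means the first-hop
        # router's upstream side is itself on private address space.
        "upstream_private": len(private) >= 2,
    }

if __name__ == "__main__":
    print(nat_report(parse_hops(SAMPLE)))
```

The first public hop reported here is the provider's gateway, as in Jon's listing, not an address assigned to the client's own router.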