Hello list:
In booting up Bering 1.2, one of the messages in auth.log is:
Jul 16 13:07:15 firewall pluto[25864]:   including NAT-Traversal patch (Version0.5a) [disabled]

How does one enable NAT traversal -- and is it right for what I want to
do (pretty sure it is but thought I would ask the list)?

I am interested in allowing machines on a local internal net to connect
into a distant VPN. These machines are behind a Bering FW running NAT--
basically masquerading or Port Address translation. The local FW has a
single static IP on the external interface (thru DSL). 

I am interested in running a road-warrior config on the distant firewall
(also Bering 1.2) and connecting my client machine(s) through the local
firewall.
I have tried an identical w2000 client IP security policy behind the
local firewall and in front of it. The behind case doesn't work, but the
"in front" does. Ascii art:

(won't work)
Win2kclient --- local FW (NAT/PAT)-- internet -- distant FW (NAT/PAT+IPSEC) --- distant net
                                               |---- win2kclient (will work)

Both win2000 clients are set up like the Bering user's guide, using
ESP/MD5.  I believe NAT traversal is specifically for ESP.

I looked on the Freeswan user's list and found some kind of info about
a different error message -- not sure if I need a recompiled Bering
kernel...?

The other alternative seems to be client patches and/or extra VPN client
s/w to enable NAT traversal, which I believe puts the original IP inside
a UDP packet.  Rather not have to do this for all machines (i.e.
Windoze, Macs, linux).
For anyone interested, the one for Win 2000 is located at
http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp

Any help appreciated.

TIA,
Rick.

