[leaf-user] Bering & NAT Traversal stuff

2003-03-19 Thread Craig Caughlin
Hi folks,

1.) Do I understand it correctly that the latest Bering(s)(Bering-uClibc &
Bering) both support NAT traversal? I'm a little confused because of the
earlier post entitled "Bering 1.1 and NAT-Traversal" that referred to Alex
Rhomberg's LEAF Page at
http://leaf-project.org/mod.php?mod=userpage&menu=1402&page_id=49 seemed to
suggest you might need to do something different if you wanted your Bering
box to support traversal.

2.) Is it difficult (or even possible) to connect to a box behind Bering
using IPSec? (I have a Windows 2000 Server on my LAN that I would like to
securely connect to.) I see that Jacques says "NAT-Traversal patch allows
FreeS/WAN to be used behind any NAT device by encapsulating ESP in UDP.", so
is it a *better* approach to securely connect to my Bering box (but then how
do you "browse" your LAN?), or should I try to connect to the box directly,
since FreeS/WAN will now NAT traverse?

Thank you for your input!

Craig




leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


AW: [leaf-user] Bering & NAT Traversal stuff

2003-03-19 Thread Alex Rhomberg

> 1.) Do I understand it correctly that the latest Bering(s)(Bering-uClibc &
> Bering) both support NAT traversal? I'm a little confused because of the
> earlier post entitled "Bering 1.1 and NAT-Traversal" that referred to Alex
> Rhomberg's LEAF Page at
> http://leaf-project.org/mod.php?mod=userpage&menu=1402&page_id=49 seemed to
> suggest you might need to do something different if you wanted your Bering
> box to support traversal.

Bering 1.1 should support NAT traversal, but there still seem to be some
problems. I use my own kernel available on the page you referenced, and I
have tested it successfully with NAT traversal, plus it includes some more
stuff (ipsec algorithm patches and some netfilter things).

> 2.) Is it difficult (or even possible) to connect to a box behind Bering
> using IPSec? (I have a Windows 2000 Server on my LAN that I would like to
> securely connect to.) I see that Jacques says "NAT-Traversal patch allows
> FreeS/WAN to be used behind any NAT device by encapsulating ESP in UDP.",

That's the point of IPSec: secure connections to boxes behind firewalls.
NAT Traversal is needed for this setup:

Server --- Bering --- Internet --- NAT-box --- IPSec Client

If your IPSec Client uses a public IP address, you don't need NAT traversal.
It doesn't matter if your Bering box does NAT for your server, as through
the tunnel, you will address the server by its private address without NAT.

- Alex
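
The rule of thumb in the reply above (NAT traversal only matters when a NAT box sits between the two IPSec endpoints) matches the NAT-D check that IKE peers run, as specified in RFC 3947. The following is an added example, not code from this thread or from FreeS/WAN; the addresses, cookies and the SHA-1 choice are constructed assumptions, and whether the patch discussed here matches the RFC in every detail is also an assumption.

```python
import hashlib
import socket
import struct

# Constructed sample values (documentation address ranges, made-up cookies).
BERING = ("203.0.113.10", 500)           # gateway's public address
NAT_BOX = ("198.51.100.7", 31544)        # what the client's NAT box rewrites to
CLIENT_PRIVATE = ("192.168.1.20", 500)   # road warrior behind the NAT box
CLIENT_PUBLIC = ("198.51.100.20", 500)   # same client on a public address
CKY_I, CKY_R = bytes(range(8)), bytes(range(8, 16))


def nat_d_hash(ip, port):
    """HASH(CKY-I | CKY-R | IP | Port); SHA-1 assumed as the negotiated hash."""
    data = CKY_I + CKY_R + socket.inet_aton(ip) + struct.pack("!H", port)
    return hashlib.sha1(data).digest()


def build_nat_d(remote, local):
    """Sender's two NAT-D payloads: remote end first, then its own address."""
    return nat_d_hash(*remote), nat_d_hash(*local)


def detect_nat(payloads, seen_src, seen_dst):
    """Receiver recomputes both hashes from the packet as it actually arrived."""
    for_me, for_sender = payloads
    return {
        "receiver_behind_nat": for_me != nat_d_hash(*seen_dst),
        "sender_behind_nat": for_sender != nat_d_hash(*seen_src),
    }


def bering_view(client_local, src_on_wire):
    """Client sends IKE to Bering; src_on_wire is the source Bering observes."""
    payloads = build_nat_d(remote=BERING, local=client_local)
    return detect_nat(payloads, seen_src=src_on_wire, seen_dst=BERING)


def needs_nat_traversal(view):
    """UDP encapsulation of ESP is only switched on if either side is NATed."""
    return any(view.values())


if __name__ == "__main__":
    print("client behind NAT box:", bering_view(CLIENT_PRIVATE, NAT_BOX))
    print("client on public IP:  ", bering_view(CLIENT_PUBLIC, CLIENT_PUBLIC))
```

The server behind Bering never appears in the check: IKE terminates on Bering's public address, so the NAT that Bering does for the LAN does not change the result.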





RE: [leaf-user] Bering & NAT Traversal stuff

2003-03-19 Thread Craig Caughlin
Hi folks,
Thank you Alex for your input! Do I need to do a kernel recompile and stuff
like that (it seems like I do), or do I simply download your kernel, the new
IPSec.lrp package, necessary modules...and then substitute those in place on
my current working Bering CD? Thank you!

Craig




RE: [leaf-user] Bering & NAT Traversal stuff

2003-03-19 Thread Craig Caughlin
Hi folks,
Alex - One final question: Is there a .lrp package for the Super FreeS/WAN,
or is it compiled within the kernel on your site? Is all I need to do what
you mention, "You should be able to use the kernel, modules and ipsec.lrp on
my page without a recompile. Don't forget to replace all modules in
/boot/lib/modules (initrd.lrp) and /lib/modules (modules.lrp)."???

Thank you.
Craig








AW: [leaf-user] Bering & NAT Traversal stuff

2003-03-20 Thread Alex Rhomberg
> Alex - One final question: Is there a .lrp package for the Super FreeS/WAN,
> or is it compiled within the kernel on your site? Is all I need to do what
> you mention, "You should be able to use the kernel, modules and ipsec.lrp on
> my page without a recompile. Don't forget to replace all modules in
> /boot/lib/modules (initrd.lrp) and /lib/modules (modules.lrp)."???

For Super-FreeS/WAN, you need the kernel, the ipsec.lrp package and the
modules, but not more.
I might eventually rename the package and call it sfsipsec.lrp or something
like that (I hate 8.3 filenames).

- Alex





RE: [leaf-user] Bering & NAT Traversal stuff

2003-03-20 Thread Craig Caughlin
Hi folks,
Alex - So there's no "package" that I need for
Super-FreeS/WAN?...it's already "included" (compiled?) within your
kernel...is that right? Is there any documentation you can refer me to that
would help me set up my Bering and take advantage of the NAT traversal? :-)

Thank you very much!
Craig



AW: [leaf-user] Bering & NAT Traversal stuff

2003-03-21 Thread Alex Rhomberg
Craig,

> Thank you Alex for your input! Do I need to do a kernel recompile and stuff
> like that (it seems like I do), or do I simply download your kernel, the new
> IPSec.lrp package, necessary modules...and then substitute those in place on
> my current working Bering CD? Thank you!

You should be able to use the kernel, modules and ipsec.lrp on my page
without a recompile. Don't forget to replace all modules in
/boot/lib/modules (initrd.lrp) and /lib/modules (modules.lrp). The LEAF
construction kit on my page would do that for you :-)

If you want to compile your own kernel, you might find my description useful.

Cheers
Alex


