> I'm trying to get a freeswan VPN working from a Windows XP 
> machine through an ADSL modem doing NAT to my Linux (Fedora 
> Core 1) gateway.
> 
> The setup is:
> 
> Laptop (WinXP) == ADSL Modem == Linux gw
> 
> The VPN works fine when the laptop is on dial-up.  It all 
> breaks down when going through the ADSL modem.  Seemingly 
> because of NAT.

I know that you need to ensure that the NAT doesn't change the Port
Number for the UDP, IIRC it's port 500 for src and destination. You also
cannot use the AH part of IPSec, because that puts a checksum on the
packet - which obviously changes as the packet goes through the NAT.

So,
1) Make sure that the NAT keeps src & dst port for the UDP packets
2) Make sure that you are only using ESP and not AH+ESP.
> The modem apparently does VPN pass-through but I haven't 
> found any real explanation as to what that really means either.

Often they are talking about PPTP VPNs when they say this.

> Do I have a hope or do I need to find some way to get the 
> modem into bridged mode to avoid the NAT/DHCP stuff altogether?
I've used Alcatel ADSL to just forward all packets to a smoothwall
gateway. This did NAT. Again I needed to ensure that the UDP packets
keep the src&dst ports.

This was:
Redhat GW----Internet---- ADSL--Smoothwall GW

And the Redhat started the VPN connection.

Regards,

Tim White
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
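The AH-versus-ESP point in the reply above can be made concrete. The following is an added example, not code from the thread, from FreeS/WAN or from any IPsec stack: a toy model of the two integrity checks. It mirrors how AH computes its ICV (an HMAC over the IP header with the mutable fields TOS, flags/fragment offset, TTL and header checksum zeroed, then the AH header and payload) and how ESP computes its ICV (over the ESP header and encrypted payload only, never the outer IP header). It then simulates a plain router hop (TTL decrement) and a NAT rewrite of the source address and verifies each packet the way the receiving gateway would. The key, SPI, addresses and payload are constructed sample values; the HMAC-SHA1-96 truncation is the real AH/ESP convention.

```python
"""Toy model of IPsec AH and ESP integrity checks under NAT (added example,
not an IPsec implementation). Shows why a NAT that rewrites the source
address invalidates an AH ICV but leaves an ESP ICV intact."""
import hashlib
import hmac
import socket
import struct

ICV_LEN = 12   # HMAC-SHA1-96: the 160-bit HMAC truncated to 96 bits
PROTO_AH = 51
PROTO_ESP = 50


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the IPv4 header (checksum field zeroed)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header without options, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def _ah_immutable_view(ip_header: bytes) -> bytes:
    """Header as AH sees it for the ICV (RFC 4302 3.3.3.1.1.1): mutable fields
    zeroed. Source and destination addresses are NOT zeroed; AH protects them."""
    h = bytearray(ip_header)
    h[1] = 0                 # DSCP/ECN
    h[6:8] = b"\x00\x00"     # flags + fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return bytes(h)


def ah_header(spi: int, seq: int, icv: bytes = b"\x00" * ICV_LEN) -> bytes:
    """AH fixed header (next header, payload len in 32-bit words minus 2, reserved,
    SPI, sequence) followed by the ICV; the ICV is zero while it is being computed."""
    payload_len = (12 + len(icv)) // 4 - 2
    return struct.pack("!BBHII", 17, payload_len, 0, spi, seq) + icv


def compute_ah_icv(key: bytes, ip_header: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    data = _ah_immutable_view(ip_header) + ah_header(spi, seq) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def verify_ah(key: bytes, ip_header: bytes, spi: int, seq: int, payload: bytes, icv: bytes) -> bool:
    return hmac.compare_digest(compute_ah_icv(key, ip_header, spi, seq, payload), icv)


def compute_esp_icv(key: bytes, spi: int, seq: int, ciphertext: bytes) -> bytes:
    """ESP authenticates only its own header and the encrypted payload; the outer
    IP header is not covered, so address rewriting does not affect the ICV."""
    return hmac.new(key, struct.pack("!II", spi, seq) + ciphertext, hashlib.sha1).digest()[:ICV_LEN]


def verify_esp(key: bytes, spi: int, seq: int, ciphertext: bytes, icv: bytes) -> bool:
    return hmac.compare_digest(compute_esp_icv(key, spi, seq, ciphertext), icv)


def router_hop(ip_header: bytes) -> bytes:
    """What an ordinary router does: decrement TTL and fix the checksum."""
    h = bytearray(ip_header)
    h[8] -= 1
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", ipv4_checksum(bytes(h)))
    return bytes(h)


def nat_rewrite(ip_header: bytes, public_src: str) -> bytes:
    """What a NAT box does on the way out: replace the private source address
    with its public one, then behave like a router (TTL, checksum)."""
    h = bytearray(ip_header)
    h[12:16] = socket.inet_aton(public_src)
    return router_hop(bytes(h))


def demo() -> dict:
    """Constructed sample: a laptop on 192.168.1.10 sends to a gateway at
    203.0.113.5 through a NAT whose public address is 198.51.100.7."""
    key = b"constructed-toy-sa-key"      # constructed, not a real SA key
    spi, seq = 0x1000, 1
    payload = b"constructed sample payload"
    hdr = build_ipv4_header("192.168.1.10", "203.0.113.5", PROTO_AH, 12 + ICV_LEN + len(payload))
    ah_icv = compute_ah_icv(key, hdr, spi, seq, payload)
    esp_icv = compute_esp_icv(key, spi, seq, payload)
    return {
        "ah_direct": verify_ah(key, hdr, spi, seq, payload, ah_icv),
        "ah_after_router": verify_ah(key, router_hop(hdr), spi, seq, payload, ah_icv),
        "ah_after_nat": verify_ah(key, nat_rewrite(hdr, "198.51.100.7"), spi, seq, payload, ah_icv),
        "esp_after_nat": verify_esp(key, spi, seq, payload, esp_icv),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ICV ok' if ok else 'ICV FAILED'}")
```

The router hop leaves the AH check intact because TTL and checksum are exactly the fields AH excludes, while the NAT rewrite fails it because the source address is one of the fields AH is designed to protect; the ESP check never looked at the outer header, which is why the reply's advice to use ESP only holds. Current IPsec stacks deal with the remaining ESP-through-NAT problems by negotiating NAT-Traversal (ESP encapsulated in UDP, RFC 3947/3948), which this toy does not model.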