
Re: linux-ipsec: IP tunnel over a NAT (IP masq) possible ?




> Hello everybody,
> 
> 
> I have the following problem: I have a machine behind a NAT performing
[snipsnip]
> -The operating system: Linux

Use manual keying, should do the trick. To do auto keying the plutos
would need to talk to each other; you could forward port 500 in, but
as you said, you do not control the NAT box. As for automagically
bringing the link up as needed (a la diald, I guess you are thinking),
no problem with leaving it up; no packets moving means no real resource
usage. At home I have a K5/100 running Email, Squid, IPMasq, IPSec,
Samba, DNS, FTP, etc., no problems if you set it up right and tune the
various things well.
 
If you wanna be paranoid, set up a manually keyed tunnel from a to b,
then using that you can set up an auto keyed tunnel (since they can
talk to each other), although that would result in a LOT of overhead.

> 
> Any ideas and suggestions are welcomed.
> 
> Many thanks,
> 
> Florian
> 
> P.S.: Maybe this was not the most appropriate forum in which to ask. If
> that is the case, apologies in advance. Any hint in this respect will
> be appreciated.

I think this is entirely the right forum since I'm sure other people
have wondered this.


-Kurt Seifried, MCP+I, MCSE
https://www.seifried.org/kurt/
Linux Administrator's Security Guide
https://www.seifried.org/lasg/







