Win2K VPN client behind RedHat 7.2 Netfilter NAT

[peterve]

Hi,

I'm about to do some tests with my XP/Win2K clients behind my RH7.2 Netfilter & NAT server.
My Linux is connected to the internet, my clients have (obviously) private IP addresses.
I want to connect to a VPN server on the internet (not behind a NAT device)... I'm pretty sure Win2K PPTP will work, but I want to know if L2TP will work too...

thanks --------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------

 

[ifincham]

Hi,





I haven't personally done anything with this but you should be able to do it with IPsec and masquerading at least - maybe with L2TP as well but I'm not too sure on that. See the howto -->

http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO.html

Also, the linux IPsec project -->

http://www.freeswan.org/

Hope this helps

 

[peterve]

I know it can be done with IPSec, tested & verified
but I want to do it with L2TP over IPsec : it's no real IPSec, but (according to the RFC) L2TP 'can' use IPSec to encrypt the tunnel, so Micro$oft implemented L2TP over IPSec

I'm afraid the NAT will corrupt some stuff in the L2TP header, rendering it unusable for clients behind NAT.
On the other hand, when you look at a L2TP session, all there is is : ISAKMP + ESP (looks like IPSec to me)

Hasn't anyone tested this ? --------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------