Re: Completely transparent VPN between NATed sites
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Completely transparent VPN between NATed sites
- From: Jason Dixon <jason_(_at_)_dixongroup_(_dot_)_net>
- Date: 15 Aug 2003 06:56:57 -0400
- Organization: DixonGroup Consulting
On Fri, 2003-08-15 at 05:52, René Matthäi wrote:
> do you think it is generally possible to set up such a setup with
> built-in ipsec(?) resp. with KAME on (Open)BSD
>
>
> LAN-A ----- FW/NAT =====(internet)===== FWL/NAT ----- LAN-B
> 192.168.1.x                                           192.168.2.x
>
>
> so that _everything_ works, including FTP, LDAP, H.323...?
Yes, assuming everything is unicast. Broadcast won't route, so stuff
like NetBIOS broadcast is broken (use a WINS server). Everything else
should work, assuming you don't block it with your filter rules. IPsec
works at a lower OSI layer, so it should be completely transparent to
applications.
--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net