
Re: Completely transparent VPN between NATed sites



On Fri, 2003-08-15 at 05:52, René Matthäi wrote:

> do you think it is generally possible to set up such a setup with 
> built-in ipsec(?) resp. with KAME on (Open)BSD
> 
> 
> LAN-A ----- FW/NAT =====(internet)===== FWL/NAT ----- LAN-B
> 192.168.1.x                                           192.168.2.x
> 
> 
> so that _everything_ works, including FTP, LDAP, H.323...?

Yes, assuming everything is unicast.  Broadcast won't route, so stuff
like NetBIOS broadcast is broken (use a WINS server).  Everything else
should work, assuming you don't block it with your filter rules.  IPsec
works at a lower OSI layer, so it should be completely transparent to
applications.

-- 
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net


