- Posts: 613
- Thank you received: 0
VPN behind NAT
18 years 8 months ago #10017
by nske
Replied by nske on topic Re: VPN behind NAT
Just a status update:
- Simple pptp tunnels doesn't work for more than one client per external NAT address -at least not without some extended support from the NAT device- because of gre encapsulation. For some software NAT implementations (like Linux' netfilter) there are patches to treat this, however for cheap routers it's either yes or no (in this case apparently no).
- eylli thanks for the suggestion and your offer to help, OpenVPN is indeed great
However as far as I know it won't make any difference because it's a NAT issue.
- After much effort I've quit the idea of seperate tunnels for each host and since I can't think of anything else to try with the current equipment, there are two ways to end this quickly and easily:
1) Get two routers with vpn end-point support to establish a tunnel among them (and route through it and the physical network interfaces, or just bridge them together).
2) Do the same with two 586-class PCs, with the additional benefits of decreased price, increased processing power and more features at the cost of increased bulk and power consumption.
At home I use the second solution since I don't like embedded devices, however I think this guy's going to pick option A
Thanks again for your help everyone!
- Simple pptp tunnels doesn't work for more than one client per external NAT address -at least not without some extended support from the NAT device- because of gre encapsulation. For some software NAT implementations (like Linux' netfilter) there are patches to treat this, however for cheap routers it's either yes or no (in this case apparently no).
- eylli thanks for the suggestion and your offer to help, OpenVPN is indeed great
However as far as I know it won't make any difference because it's a NAT issue.- After much effort I've quit the idea of seperate tunnels for each host and since I can't think of anything else to try with the current equipment, there are two ways to end this quickly and easily:
1) Get two routers with vpn end-point support to establish a tunnel among them (and route through it and the physical network interfaces, or just bridge them together).
2) Do the same with two 586-class PCs, with the additional benefits of decreased price, increased processing power and more features at the cost of increased bulk and power consumption.
At home I use the second solution since I don't like embedded devices, however I think this guy's going to pick option A
Thanks again for your help everyone!
18 years 8 months ago #10018
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: VPN behind NAT
NSKE,
Let us know if you require help setting up the routers - I'm assuming they'll be Cisco
Cheers,
Let us know if you require help setting up the routers - I'm assuming they'll be Cisco
Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Time to create page: 0.139 seconds