Could the Watchguard be assigning a different public IP to each of the outbound VPN connections? If this is the case, I am not sure of the process to do this. I only have one dynamically assigned address. I think Outbound NAT and ARP Proxy will be involved.

This is just a guess, based on experience with Microsoft RRAS in the NT 4 days of PPTP. I was dealing with an early SMC Broadband router (i.e. simple NAT router) at a client's home. I had two users that were trying to connect to the same office via MS PPTP from the same house. The end result was a call to Microsoft. The Microsoft tech said that PPTP server would, by design, reject a second connection, if it already had a connection from an IP (i.e. a second user behind the same NAT - same public IP). The solution was to get a second public IP from the ISP, remove the NAT router, directly connect the two users, and install a software firewall. Both were able to connect, too bad the line at the office was slower than the line at their house ;-)

I have not used the Cisco products; I cannot tell you.

I have successfully used the SonicWall VPN Client and the Netgear VPN Client on different machines behind my m0n0wall to connect to the same SonicWall. In other words, different machines making IPSec connections to the same IPSEC VPN. This is accomplished without doing anything special. I have also made multiple connections to different IPSEC tunnels from one machine (SonicWalls and Netgears). FYI, both of these clients are the SafeNet SoftRemoteLT client. The SonicWall's version is more restrictive on the settings than the Netgear's (SonicWall only wants you to connect to SonicWalls).

_________________________________
James W. McKeand

-----Original Message-----
From: "Ramírez Herrera, Jorge" [mailto:jorge dot ramirez at tecsidel dot es]
Sent: Tuesday, November 02, 2004 10:05 AM
To: James W. McKeand; "Ramírez Herrera, Jorge"
Cc: 'M0n0wall-Help (E-mail)'
Subject: RE: [m0n0wall] Multiple vpn connections Please

Yes, but there is one thing Watchguard doesn't have: traffic shaping. I said Watchguard because it's based on Linux. It has NAT too and PPTP connections to the same server are allowed. With mono, IPsec connections with Cisco VPN client are allowed to a Cisco VPN concentrator and not to a Pix Firewall. Why? I don't know. It seems to be a little bug in the mono software or Watchguard is extremely well done (not sure of this). I'd like to replace Watchguard (it is very old) with one mono, but with these problems, it cannot be done. Is it going to be solved in future versions of mono?

------------------------------------
Jorge Ramírez Herrera
------------------------------------
Systems Administration
General Area
tecsidel
Avda. República Argentina 6, 5a planta
08023 Barcelona
Tel: (+34) 93 292 21 10
Fax: (+34) 93 292 28 28
mailto:jorge dot ramirez at tecsidel dot es
http://www.tecsidel.es/

-----Original Message-----
From: James W. McKeand [mailto:james at mckeand dot biz]
Sent: Tuesday, 02 November 2004 14:20
To: '"Ramírez Herrera, Jorge"'
Cc: 'M0n0wall-Help (E-mail)'
Subject: RE: [m0n0wall] Multiple vpn connections Please

AFAIK, *ANY* NAT will break MS PPTP, when two or more users behind the same NAT try to connect to the same server. This is a problem with the PPTP server end. I think L2TP (introduced with Windows 2000) was supposed to fix this, I have not tried it. I moved most of my clients to IPSEC before L2TP was introduced. IPSEC should not be affected by NAT.

Why not stick with what works? If the Watchguard works use it...

_________________________________
James W. McKeand

-----Original Message-----
From: "Ramírez Herrera, Jorge" [mailto:jorge dot ramirez at tecsidel dot es]
Sent: Tuesday, November 02, 2004 2:59 AM
To: "Ramírez Herrera, Jorge"; M0n0wall-Help (E-mail)
Subject: RE: [m0n0wall] Multiple vpn connections Please

Please, is this a limitation of the software?

------------------------------------
Jorge Ramírez Herrera
------------------------------------

-----Original Message-----
From: "Ramírez Herrera, Jorge" [mailto:jorge dot ramirez at tecsidel dot es]
Sent: Thursday, 28 October 2004 17:25
To: M0n0wall-Help (E-mail)
Subject: [m0n0wall] Multiple vpn connections

Hello,

I need to connect some VPN connections from my LAN to other LANs outside. Some people need Microsoft PPTP, others Cisco VPN client, and it can be that two or more clients need to connect to the same server. The problem is that, with the same rules, some people can connect to PPTP or VPN servers and some cannot. I don't know why, because I try the same configuration with a Watchguard firewall and it works ok. It seems to be a problem in NAT. Outbound NAT is configured to only affect LAN net, Opt1 is out of NAT.

Can anybody help me? Thank you.

------------------------------------
Jorge Ramírez Herrera
------------------------------------