[ previous ] [ next ] [ threads ]
 
 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  "bimbo" <samba at legnago dot org>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Re: IPsec VPN Help!!
 Date:  Fri, 18 Nov 2005 14:48:39 -0600
bimbo wrote:
> James W. McKeand ha scritto:
>> Aaron with Morad wrote:
>> 
>>> Nevermind, found in the documentation that IPsec through m0n0
>>> doesn't work. 
>>> 
>>> http://doc.m0n0.ch/handbook/ipsec.html
>> 
>> 
>> It is not as much as an "IPSec through m0n0" as much as it is an
>> "IPSec through NAT" issue. It does not matter if it is a m0n0wall,
>> Linksys box, or anything else doing the NAT - IPSec does not handle
>> NAT well (unless NAT-T in involve - i.e. NAT Transversal).
> 
> Mmmm...
> If I set two monowall box (one at home, one at office) I can't use vpn
> ipsec?
> 
>
samba-----switch-------monowall------router-----internet------router----
--monowall-----samba
> 
> Is it not possible ?
> 
> Samba is a machine of LAN connected to a switch.
> monowall is connected to the same switch of samba througth LAN
> inteface. 

A point to point IPSec VPN is slightly different than a remote access
IPSec VPN - sometimes called a mobile user VPN. M0n0wall to m0n0wall
IPSec will work - as will m0n0wall to Cisco or m0n0wall to Smoothwall,
etc. The m0n0walls will handle the connection. 

Using an IPSec VPN software client (SafeNet SoftRemote for example)
***WILL*** have problems connecting to a m0n0wall IPSec VPN from behind
a NAT.
(per http://doc.m0n0.ch/handbook/ipsec.html#id2598274)

I have had success with using Netgear's VPN client (branded SafeNet
SoftRemoteLT) to access SonicWalls and Netgear VPN routers from behind
my m0n0wall. Those SonicWalls and Netgears handle NAT-T appropriately -
apparently m0n0walls don't handle NAT-T appropriately.

_________________________________
James W. McKeand