We use the SafeNet IPsec client in scenarios just like you describe and various 1.2x release
branches of m0n0wall with zero problems. NAT traversal does not seem to be a problem for the
SafeNet client. You might also do well to set up a site-to-site tunnel between the branches and the
main office. That works flawlessly.
But you should definitely do some testing before pushing anything out to production. You can buy
the SafeNet client cheaply from the Netgear store online. They rebrand it for their own networking
products, but it is the same underlying software. It ends up being about $30 a seat or so.
From: Chris Buechler [mailto:cbuechler at gmail dot com]
Sent: Mon 10/1/2007 9:55 PM
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] VPN question
On 10/1/07, Joe Commisso <jemc at twcny dot rr dot com> wrote:
> We have a central database server with many telnet clients both in the
> store and at two other locations in nearby towns that also have telnet
> clients telnetting into our single database server.
> We are currently using Openswan VPN on Red Hat 7.3.
> I would like to move to m0n0wall and my question is can m0n0wall do it?
> Since I don't want to disrupt sales, it would make it a lot easier if I
> had the reassurance of this group on this question.
> So to try and make it clear, we have a single server at one location.
> The server location has a gateway/firewall with a static IP address and
> our remote locations have static IP addresses as well.
> Will our telnet sessions work using the m0n0wall IPsec VPN solution?
> I ask because there is information in the m0n0wall handbook stating that
> this version of FreeBSD doesn't support NAT traversal, but the m0n0wall
> box will have an internet IP on the WAN and the local IP on the LAN such as:
NAT-T would be a problem because your clients are NAT'ed, but with the
1.3 beta you should be fine. I'm not aware of any issues with 1.3b4
that would keep me from deploying it in a production environment if I