Re: [m0n0wall] Revised... [Fwd: [m0n0wall] VPN starter recipe]

From:	JR <tiresias at gmail dot com>
To:	john at privateproductivity dot com
Cc:	m0n0wall <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] Revised... [Fwd: [m0n0wall] VPN starter recipe]
Date:	Thu, 15 May 2008 14:50:39 -0400

On Wed, May 14, 2008 at 11:22 AM, John Smith
<john at privateproductivity dot com> wrote:
> I should clarify... Both ends of the VPN will be behind firwalls (so I think
> IPsec won't work).

It can work behind another firewaii, in one of two ways.

a) From the upstream firewall, forward to the m0n0wall: UDP port 500,
ESP (IP protocol ID 50) and AH (IP protocol ID 51).

b) Use latest 1.3b m0n0wall, enable NAT-Traversal in the tunnel config
and forward only UDP port 500 to the m0n0wall.

I am using method a) at two different sites, and some other people on
the list have reported using NAT-T successfully.

JR