[isf-wifidog] Huge problems with Cisco VPN (IPsec)

Mina Naguib mina at naguib.ca
Dim 11 Juin 18:00:28 EDT 2006

I believe CISCO's client is an IPSEC implementation.  Last time I  
played with IPSEC my blood pressure shot through the roof.

I'm in no position to preach to end-users and their employers about  
the neatness of OpenVPN, so I won't even go there.

Simply put, IPSEC is not exactly typical-end-user-behind-a-NAT  
friendly (standard rewriting problems where the protocol depends on  
IP addresses coded inside the packet payload itself - remember how  
active FTP broke behind NAT until the linux kernel became "ftp-aware"?)

In the official Linksys firmware there's an "IPSEC PassThrough"  
checkbox that addresses this issue.  I'm not sure what the OpenWRT  
equivalent would be.

On 11-Jun-06, at 4:53 PM, Max Horváth wrote:
> Hey folks,
> we got huge problems with people wanting to use their Cisco VPN  
> client. It just doesn't connect to the VPN server.
> I guess it's a problem with the iptables command of the gateway.
> How could this problem be solved?
> Cheers, Max!

More information about the WiFiDog mailing list