[isf-wifidog] Huge problems with Cisco VPN (IPsec)
Max Horváth
max.horvath at maxspot.de
Sun Jun 11 18:07:45 EDT 2006
Well, in DD-WRT IPsec pass through works by loading the modules
ip_conntrac_proto_gre and ip_nat_proto_gre ... I loaded them ... and
I also added the iptables commands to the normal forward and input
rule - but it doesn't work - I guess it must be done directly in the
wifidog gateway ...

Mina Naguib wrote:
>
> I believe CISCO's client is an IPSEC implementation. Last time I
> played with IPSEC my blood pressure shot through the roof.
>
> I'm in no position to preach to end-users and their employers about
> the neatness of OpenVPN, so I won't even go there.
>
> Simply put, IPSEC is not exactly typical-end-user-behind-a-NAT
> friendly (standard rewriting problems where the protocol depends on
> IP addresses coded inside the packet payload itself - remember how
> active FTP broke behind NAT until the linux kernel became "ftp-
> aware"?)
>
> In the official Linksys firmware there's an "IPSEC PassThrough"
> checkbox that addresses this issue. I'm not sure what the OpenWRT
> equivalent would be.
>
> On 11-Jun-06, at 4:53 PM, Max Horváth wrote:
>> Hey folks,
>>
>> we got huge problems with people wanting to use their Cisco VPN
>> client. It just doesn't connect to the VPN server.
>>
>> I guess it's a problem with the iptables command of the gateway.
>>
>> How could this problem be solved?
>>
>> Cheers, Max!