[isf-wifidog] Huge problems with Cisco VPN (IPsec)

Max Horváth max.horvath at maxspot.de
Dim 11 Juin 18:07:45 EDT 2006

Hash: SHA1

Well, in DD-WRT IPsec pass through works by loading the modules  
ip_conntrac_proto_gre and ip_nat_proto_gre ... I loaded them ... and  
I also added the iptables commands to the normal forward and input  
rule - but it dosn't work - I guess it must be done directly in the  
wifidog gateway ...

Mina Naguib wrote:

> I believe CISCO's client is an IPSEC implementation.  Last time I  
> played with IPSEC my blood pressure shot through the roof.
> I'm in no position to preach to end-users and their employers about  
> the neatness of OpenVPN, so I won't even go there.
> Simply put, IPSEC is not exactly typical-end-user-behind-a-NAT  
> friendly (standard rewriting problems where the protocol depends on  
> IP addresses coded inside the packet payload itself - remember how  
> active FTP broke behind NAT until the linux kernel became "ftp- 
> aware"?)
> In the official Linksys firmware there's an "IPSEC PassThrough"  
> checkbox that addresses this issue.  I'm not sure what the OpenWRT  
> equivalent would be.
> On 11-Jun-06, at 4:53 PM, Max Horváth wrote:
>> Hey folks,
>> we got huge problems with people wanting to use their Cisco VPN  
>> client. It just doesn't connect to the VPN server.
>> I guess it's a problem with the iptables command of the gateway.
>> How could this problem be solved?
>> Cheers, Max!
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog

Version: GnuPG v1.4.1 (Darwin)


More information about the WiFiDog mailing list