[isf-wifidog] Huge problems with Cisco VPN (IPsec)

Max Horváth max.horvath at maxspot.de
Sun Jun 11 18:15:00 EDT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Right now I gotta go to bed - tomorrow morning I'll write which  
commands are being used in the DD-WRT distro ... using them could be  
all we need to use in the wifidog gateway ...

Cheers, Max!

Max Horváth wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Well, in DD-WRT IPsec pass through works by loading the modules  
> ip_conntrac_proto_gre and ip_nat_proto_gre ... I loaded them ...  
> and I also added the iptables commands to the normal forward and  
> input rule - but it doesn't work - I guess it must be done directly  
> in the wifidog gateway ...
>
> Mina Naguib wrote:
>
>>
>> I believe CISCO's client is an IPSEC implementation.  Last time I  
>> played with IPSEC my blood pressure shot through the roof.
>>
>> I'm in no position to preach to end-users and their employers  
>> about the neatness of OpenVPN, so I won't even go there.
>>
>> Simply put, IPSEC is not exactly typical-end-user-behind-a-NAT  
>> friendly (standard rewriting problems where the protocol depends  
>> on IP addresses coded inside the packet payload itself - remember  
>> how active FTP broke behind NAT until the linux kernel became  
>> "ftp-aware"?)
>>
>> In the official Linksys firmware there's an "IPSEC PassThrough"  
>> checkbox that addresses this issue.  I'm not sure what the OpenWRT  
>> equivalent would be.
>>
>> On 11-Jun-06, at 4:53 PM, Max Horváth wrote:
>>> Hey folks,
>>>
>>> we got huge problems with people wanting to use their Cisco VPN  
>>> client. It just doesn't connect to the VPN server.
>>>
>>> I guess it's a problem with the iptables command of the gateway.
>>>
>>> How could this problem be solved?
>>>
>>> Cheers, Max!
>>
>>
>> _______________________________________________
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org
>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (Darwin)
>
> iD8DBQFEjJQy+BKgC+eQ3ooRAiPCAJ9HUom0eJxgtHTXKYr2t8uPO2IUugCfRQj5
> MdIHSDw5wkRghqQigrppQ7Y=
> =djzu
> -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFEjJXk+BKgC+eQ3ooRAlgvAKCJZWz3wWvn9S1b/WtKWzVhcRyzoACdHxwY
r9h+L5VAneIwvjBKfq47cMs=
=lXV9
-----END PGP SIGNATURE-----

