[isf-wifidog] Huge problems with Cisco VPN (IPsec)
max.horvath at maxspot.de
Dim 11 Juin 18:15:00 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Right now I gotta go to bed - tommorow morning I'll write which
commands are being used in the DD-WRT distro ... using them could be
all we need to use in the wifidog gateway ...
Max Horváth wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Well, in DD-WRT IPsec pass through works by loading the modules
> ip_conntrac_proto_gre and ip_nat_proto_gre ... I loaded them ...
> and I also added the iptables commands to the normal forward and
> input rule - but it dosn't work - I guess it must be done directly
> in the wifidog gateway ...
> Mina Naguib wrote:
>> I believe CISCO's client is an IPSEC implementation. Last time I
>> played with IPSEC my blood pressure shot through the roof.
>> I'm in no position to preach to end-users and their employers
>> about the neatness of OpenVPN, so I won't even go there.
>> Simply put, IPSEC is not exactly typical-end-user-behind-a-NAT
>> friendly (standard rewriting problems where the protocol depends
>> on IP addresses coded inside the packet payload itself - remember
>> how active FTP broke behind NAT until the linux kernel became "ftp-
>> In the official Linksys firmware there's an "IPSEC PassThrough"
>> checkbox that addresses this issue. I'm not sure what the OpenWRT
>> equivalent would be.
>> On 11-Jun-06, at 4:53 PM, Max Horváth wrote:
>>> Hey folks,
>>> we got huge problems with people wanting to use their Cisco VPN
>>> client. It just doesn't connect to the VPN server.
>>> I guess it's a problem with the iptables command of the gateway.
>>> How could this problem be solved?
>>> Cheers, Max!
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (Darwin)
> -----END PGP SIGNATURE-----
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
-----END PGP SIGNATURE-----
More information about the WiFiDog