I was curious if there was a way to get my VPN to work through TheWall... it was working fine (obviously) hooked straight to my cablemodem but now doesn't connect :(
I LOVE this firewall and thank you to the developer(s) who did this!
The problem is probably that IPSEC doesn't work with NAT. The source IP address is part of the Authentication Header so when it gets changed going through NAT the packet fails the authentication checks. See http://www.ietf.org/internet-drafts/draft-aboba-nat-ipsec-04.txt for the gory details.
I believe there are a couple of people that have IPSEC working on theWall, but they haven't sent me their changes yet. The current binaries don't support it. I doubt there's enough room for IPSEC (well actually racoon) on the floppy versions, but there's no space problem for the compact flash versions.
I use a GRE based VPN through theWall ... when the IT guys at work set it up they asked me if I had a firewall and when I said yes they said oh, we won't use IPSEC then. All I had to do was add a rule to pass GRE to and from work:
${fwcmd} add pass 47 from <ipworkadr> to any
${fwcmd} add pass 47 from any to <ipworkadr>
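The reply above says NAT breaks IPSEC because the source address is covered by the Authentication Header's integrity check. The following is an added example, not part of the original thread or of theWall, that models this in simplified form: the key, addresses and payload are constructed, and the AH header's own fields (SPI, sequence number) are left out of the hashed data for brevity.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-sa-key"  # constructed; stands in for the SA's authentication key

def checksum(data):  # RFC 1071 one's-complement sum over 16-bit words
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def fix_checksum(hdr):
    h = bytearray(hdr)
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", checksum(bytes(h)))
    return bytes(h)

def ipv4_header(src, dst, payload_len, ttl=64, proto=51):  # 51 = AH
    return fix_checksum(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                                    ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst)))

def ah_icv(hdr, payload):
    """HMAC-SHA1-96 over the header with mutable fields zeroed, plus payload."""
    h = bytearray(hdr)
    h[1] = 0                  # TOS
    h[6:8] = b"\x00\x00"      # flags + fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return hmac.new(KEY, bytes(h) + payload, hashlib.sha1).digest()[:12]

def verify(hdr, payload, icv):
    return hmac.compare_digest(ah_icv(hdr, payload), icv)

def route_hop(hdr):  # ordinary router: decrement TTL, recompute checksum
    h = bytearray(hdr)
    h[8] -= 1
    return fix_checksum(h)

def nat_rewrite(hdr, public_src):  # source NAT: swap source address, recompute checksum
    h = bytearray(hdr)
    h[12:16] = socket.inet_aton(public_src)
    return fix_checksum(h)

def demo():
    payload = b"constructed payload"
    hdr = ipv4_header("192.168.1.10", "198.51.100.7", len(payload))
    icv = ah_icv(hdr, payload)  # sender computes the ICV before the packet leaves
    return {"direct": verify(hdr, payload, icv),
            "routed": verify(route_hop(hdr), payload, icv),
            "natted": verify(nat_rewrite(hdr, "192.0.2.1"), payload, icv)}
```

A plain routing hop only touches fields that are zeroed before hashing, so the check still passes; the NAT rewrite changes a covered field, and the receiver has no way to tell that from tampering.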
Alright thanks, it's not a big deal really. I still have my 64K ISDN work provides (gee thanks guys). If those people ever do post their configurations do let us know! :)