Re: [Fwbuilder-discussion] ipsec masquerading
From: ryan <ry...@zo...> - 2005-05-24 17:18:43
Thanks, I think you just saved me a lot of hours.

Here's my goal... I'm trying to secure a wireless access point. My cards do not all support WPA, leaving me with WEP (and I live in a densely populated area). Would PPTP be a better choice for what I am trying to accomplish? I know it's not perfect, but it would probably be better than WEP alone. Or would I run into the same issues? I'm only concerned with the VPN through the wireless link.

thanks

----- Original Message -----
From: "Vadim Kurland" <va...@vk...>
To: "Ryan" <ry...@zo...>
Cc: <fwb...@li...>
Sent: Tuesday, May 24, 2005 12:31 PM
Subject: Re: [Fwbuilder-discussion] ipsec masquerading

> On May 24, 2005, at 3:39 AM, Ryan wrote:
>
> > I forgot to include screenshots:
> > http://users.zoominternet.net/~ryanag/ipsec1.png
> > http://users.zoominternet.net/~ryanag/ipsec2.png
> >
> > The NAT rule seems to have killed all masquerading from my wireless
> > (192.168.0.0/24) subnet, whether ipsec traffic or not. If I replace
> > it with my original rule ipsec and routing works, but not together.
>
> ipsec does not work through NAT because NAT modifies packet headers
> which breaks AH. You may get it to work if you turn AH off (so you
> only encrypt the payload but do not protect the header). Some IPSEC
> implementations have special modes of operation to get it to work
> through NAT.
>
> The NAT rule breaks masquerading when you add IPSEC service to it
> because it becomes more specific and only does translation for
> components of IPSEC protocol. IPSEC still won't work through NAT, but
> all other protocols won't work either because the rule stops matching
> them.
>
> --vk
>
> > any help is appreciated.
> >
> > Ryan wrote:
> >
> >> I have ipsec set up and working, host-to-host.
> >> I would like to use firewall builder to create masquerading rules
> >> for the ipsec tunnel. So far, I've been unsuccessful.
> >> Does anyone have any ideas/hints on how to do this?
> >> thanks