
Re: mac address



> The "imaginary" problem is that the program for VPN uses IPSEC, and - I think - uses, also, MAC address authentication.

Actually, the MAC address is unimportant. It may appear that the MAC address is what's causing things to get mucked up, but it's actually the IP address. IPSEC places a copy of the sending machine's IP address into the encrypted payload portion of each packet. When the packet reaches the other end, the IP address is compared to the actual sender's IP address to eliminate the possibility of man-in-the-middle attacks. Your firewall, by virtue of the fact that it's translating your Windows box's private 192.168 or 10. or whatever address to its outside IP before sending on the internet, is what is breaking things.

There are only two solutions to this, one of which I know exists, the other is hypothetical.

1. Run IPSEC on your firewall instead of your Windows box. This works, gives your whole local network access to the remote secure network (if your rules allow it) and is generally nicer than the IPSEC-on-each-individual-Windows-box method.

2. The second method involves some manner of packet rewriting module on the firewall. To the best of my knowledge, this doesn't exist, but it could be done if the module sees the IPSEC conversation from the very first packet... But again, it's a messy solution, because what would practically be required is that the machine terminate the IPSEC connection from your Windows box, then open another IPSEC connection to the remote network.

Clint
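The failure mode Clint describes (an integrity-protected copy of the sender's address that no longer matches the outer header once NAT has rewritten it) as an added, simplified model, not code from the post or from any IPSEC implementation. The HMAC key, the RFC 5737 documentation addresses and the `|` framing are constructed stand-ins for the real SA key and ESP/AH encoding.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the key negotiated for the security association.
KEY = b"constructed-shared-key"


@dataclass
class Packet:
    outer_src: str    # source address on the wire; a NAT box may rewrite this
    protected: bytes  # integrity-protected part: inner source address + payload
    tag: bytes        # MAC over `protected`, so NAT cannot adjust it


def build(sender_ip: str, payload: bytes) -> Packet:
    """Sender embeds its own address inside the protected part and tags it."""
    protected = sender_ip.encode() + b"|" + payload
    tag = hmac.new(KEY, protected, hashlib.sha256).digest()
    return Packet(outer_src=sender_ip, protected=protected, tag=tag)


def nat(pkt: Packet, public_ip: str) -> Packet:
    """Firewall rewrites only the outer header; the protected part is opaque to it."""
    return Packet(outer_src=public_ip, protected=pkt.protected, tag=pkt.tag)


def verify(pkt: Packet) -> str:
    """Receiver: check the tag, then compare inner and outer source addresses."""
    expected = hmac.new(KEY, pkt.protected, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, pkt.tag):
        return "reject: integrity check failed"
    inner_src = pkt.protected.partition(b"|")[0].decode()
    if inner_src != pkt.outer_src:
        return f"reject: inner source {inner_src} != outer source {pkt.outer_src}"
    return "accept"


def windows_box_behind_nat() -> str:
    # Solution 0 (the broken setup): private host sends, firewall translates.
    return verify(nat(build("192.168.1.10", b"hello"), "203.0.113.5"))


def ipsec_on_firewall() -> str:
    # Solution 1 from the post: the firewall itself is the IPSEC endpoint,
    # so the address it embeds is already the outside address.
    return verify(build("203.0.113.5", b"hello"))


if __name__ == "__main__":
    print(windows_box_behind_nat())  # rejected: 192.168.1.10 != 203.0.113.5
    print(ipsec_on_firewall())       # accept
```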


