
Re: IPsec and IPMasq/Proxy

> The "ip neigh {add|del|change|replace} ..." sequence?

Yeah. Look in /usr/share/doc/iproute and print off one of the cref
(command reference) docs (note the .ps file wants A4 paper).

> > Problem is that it burns another external IP address.
> Um... not good.

Well, yeah. That is the thing with NAT as opposed to Masq but NAT is a lot
faster. If you have the addresses to spare, you assign one for the
internal IPSec or PPTP or whatever VPN unit and NAT it at the
firewall. The thing is that a lot of these protocols use things like GRE
that Linux does not like to masquerade. Heck, Linux doesn't like UDP all
that much ... try running a CIPE VPN from behind a firewall ... no can do.
