
Re: FreeS/WAN on PPPOE



Curtis Vaughan said:
> Has anyone had similar problems?
>
> Our DSL connection is through a PPPOE connect, unfortunately. Although
> setting up multiple VPNs has generally been no problem, this time for
> this office it has been a pain. The only reason we can think of now is
> because this is the first time we've dealt with a PPPOE connection. Has
> anyone experienced similar problems? If so, were you able to overcome it?
> Or, perhaps this isn't the problem at all.

Some providers do not pass the protocols needed for IPSec or PPTP.
IPSec by default uses IP protocol 50. Because of this, it is not
generally NAT friendly nor do all ISPs support it.

your question may be better answered on the freeswan mailing list,
you'll probably have to include a ton more information.

my experience is that I really really hate IPSec in its native
form because of the use of the ESP protocol. Some implementations
can tunnel ESP through UDP, though I haven't noticed whether or
not freeswan is capable of this. Because of this I much prefer
non IPSec VPNs, my preferred vpn is vtun, operates over either TCP
or UDP (you can mix & match). Runs on linux, solaris, and *bsd.

if you're lucky you may be able to contact your isp and verify whether
or not they allow ESP (IP protocol 50) to pass. Also if the IPSec
system is behind any kind of address translation that can greatly
complicate things (NAT).

at my last company we used cisco vpn 3005s since they seemed to
be among the first to support the ESP-over-UDP, which played well
with most NAT setups. We also used vtun extensively as well (which
overall was more reliable than the cisco boxes).

nate
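
An added example, not part of the original message: one way to check from raw IPv4 packets captured on the gateway whether ESP (IP protocol 50) comes back from the peer after the IKE exchange on UDP port 500 has been answered. The function names, the addresses and the sample capture are constructed for illustration.

```python
import socket
import struct
from collections import Counter

IKE_PORT = 500  # IKE key exchange uses UDP port 500
LOCAL, PEER = "203.0.113.10", "198.51.100.20"  # constructed documentation addresses


def make_ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (checksum left at zero) for the sample capture."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def classify(packet):
    """Return (src, dst, label) for a raw IPv4 packet; label is IKE, ESP or proto-N."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # header length; IP options move the payload start
    proto = packet[9]
    label = "ESP" if proto == 50 else f"proto-{proto}"
    if proto == 17 and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if IKE_PORT in (sport, dport):
            label = "IKE"
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]), label


def diagnose(packets, local_ip):
    """Count IKE and ESP per direction and say what the capture suggests."""
    seen = Counter()
    for pkt in packets:
        src, _dst, label = classify(pkt)
        seen[(label, "out" if src == local_ip else "in")] += 1
    if not seen[("IKE", "in")]:
        return "no IKE replies: peer unreachable or UDP 500 filtered"
    if seen[("ESP", "out")] and not seen[("ESP", "in")]:
        return "IKE answers but no ESP comes back: protocol 50 may be dropped on the path"
    if seen[("ESP", "out")] and seen[("ESP", "in")]:
        return "ESP passes in both directions"
    return "IKE answers but no ESP was sent"


IKE = struct.pack("!HHHH", IKE_PORT, IKE_PORT, 8, 0)  # bare UDP header, no IKE body
SAMPLE = [  # constructed capture: key exchange completes, ESP only leaves
    make_ipv4(LOCAL, PEER, 17, IKE), make_ipv4(PEER, LOCAL, 17, IKE),
    make_ipv4(LOCAL, PEER, 50, b"\x00" * 16), make_ipv4(LOCAL, PEER, 50, b"\x00" * 16),
]

if __name__ == "__main__":
    print(diagnose(SAMPLE, LOCAL))
```

A capture with ESP in one direction only does not prove the ISP is the cause; the peer's own firewall or a NAT device in between produces the same picture.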




