Linux - Networking forum, LinuxQuestions.org
I've just started to learn about IPsec and VPNs and I think it's very interesting. As I understand it there are 2 modes for IPsec: Transport for peer-to-peer connections and Tunnel, where you can connect to networks. My question now is, if I have a Linux machine with 1 NIC (that is, no local network) and I want to be able to connect to it with a Windows 2k/XP machine using VPN. This Windows machine is portable (that is, the IP changes). Is this possible or must I have a local network for VPN to work?
Transport mode encrypts parts of the header so that any intermediate host must understand IPSEC. Tunnel mode totally encapsulates the encrypted packet into another IP header so that the entire contents can pass non-IPsec intermediate hosts, i.e. Internet routers. It's a bit more overhead but more useful and more secure. You can connect using tunnel mode to your host no matter where it is, as long as you are on a network that allows IP protocol 50 (Authentication Header) and 51 (Encapsulating Security Payload) and also allows UDP port 500 (Internet Key Exchange). So if you took your machine to a friend's house you could VPN to it from somewhere else as long as his firewall allowed these protocols/ports.
Brian's right, not sure what the term is but NAT definitely needs to support IPSEC as I think even in tunnel mode AH is used to protect the tunnel header from being tinkered with, and NAT obviously changes the header!
Having said that, we would normally place VPN concentrators and the like on DMZs with a public address.
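The two points the replies make, which traffic a firewall in the path has to pass and why NAT interferes with AH, worked through as an added example (not code from anyone in this thread). Protocol numbers are the IANA assignments (50 = ESP, 51 = AH, IKE on UDP 500); the key, addresses and packet contents are constructed, and the AH integrity check is a simplified HMAC-SHA-256-128 in the RFC 4302 style with the mutable IP header fields zeroed.

```python
import hashlib, hmac, struct
# IANA protocol numbers (per the registry): 17 = UDP, 50 = ESP, 51 = AH; IKE runs on UDP port 500.
IPPROTO_UDP, IPPROTO_ESP, IPPROTO_AH, IKE_PORT = 17, 50, 51, 500

def build_ipv4(src, dst, proto, payload, ttl=64):
    """Minimal IPv4 header; checksum left 0 (mutable field, never covered by AH anyway)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, ttl, proto, 0, src, dst) + payload

def build_udp(src, dst, sport, dport, data):
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    return build_ipv4(src, dst, IPPROTO_UDP, udp)

def classify(pkt):
    """What a stateless filter on the path has to recognise to let IPsec through."""
    proto, ihl = pkt[9], (pkt[0] & 0x0F) * 4
    if proto == IPPROTO_ESP:
        return "ESP"
    if proto == IPPROTO_AH:
        return "AH"
    if proto == IPPROTO_UDP and IKE_PORT in struct.unpack("!HH", pkt[ihl:ihl + 4]):
        return "IKE"
    return "other"

# AH (transport mode) layout used below: 20-byte IP header, 12-byte AH header, 16-byte ICV, payload.
def ah_icv(pkt, key):
    """RFC 4302 style ICV: IP header with mutable fields zeroed, AH header with ICV zeroed, payload."""
    hdr = bytearray(pkt[:20])
    hdr[1] = 0                 # TOS / DSCP
    hdr[6:8] = b"\x00\x00"     # flags + fragment offset
    hdr[8] = 0                 # TTL, decremented at every hop
    hdr[10:12] = b"\x00\x00"   # header checksum
    ah = bytearray(pkt[20:48])
    ah[12:28] = bytes(16)      # the ICV field itself
    return hmac.new(key, bytes(hdr) + bytes(ah) + pkt[48:], hashlib.sha256).digest()[:16]  # HMAC-SHA-256-128

def build_ah(src, dst, data, key, spi=0x1000, seq=1):
    ah = struct.pack("!BBHII", IPPROTO_UDP, 28 // 4 - 2, 0, spi, seq) + bytes(16)  # len in 32-bit words minus 2
    pkt = build_ipv4(src, dst, IPPROTO_AH, ah + data)
    return pkt[:32] + ah_icv(pkt, key) + pkt[48:]

def ah_verify(pkt, key):
    return hmac.compare_digest(ah_icv(pkt, key), pkt[32:48])

def router_hop(pkt):
    """A plain router only decrements TTL, a mutable field, so AH still verifies."""
    return pkt[:8] + bytes([pkt[8] - 1]) + pkt[9:]

def nat_rewrite_src(pkt, new_src):
    """NAT rewrites the source address, which AH treats as immutable, so the ICV no longer matches."""
    return pkt[:12] + new_src + pkt[16:]
```

This models AH in transport mode over IPv4 only; ESP's integrity check does not cover the outer IP header, so an address rewrite alone does not invalidate it the way it does AH.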