LinuxQuestions.org
Old 04-05-2005, 06:18 AM   #1
IPsecLearner
LQ Newbie
 
Registered: Apr 2005
Posts: 1

Rep: Reputation: 0
IPsec/L2TP VPN question


Hi,

I've just started to learn about IPsec and VPNs and I think it's very interesting. As I understand it, there are 2 modes for IPsec: Transport for peer-to-peer connections and Tunnel, where you can connect to networks. My question now is: I have a Linux machine with 1 NIC (that is, no local network) and I want to be able to connect to it from a Windows 2k/XP machine using VPN. This Windows machine is portable (that is, the IP changes). Is this possible, or must I have a local network for VPN to work?

Thanks for any reply!
 
Old 04-18-2005, 10:16 AM   #2
baldy3105
Member
 
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 876

Rep: Reputation: 184
Transport mode encrypts parts of the header so that any intermediate host must understand IPSEC. Tunnel mode totally encapsulates the encrypted packet into another IP header so that the entire contents can pass non-IPsec intermediate hosts, i.e. Internet routers. It's a bit more overhead but more useful and more secure. You can connect using tunnel mode to your host no matter where it is, as long as you are on a network that allows IP protocol 50 (Authentication Header) and 51 (Encapsulating Security Payload) and also allows UDP port 500 (Internet Key Exchange). So if you took your machine to a friend's house you could VPN to it from somewhere else as long as his firewall allowed these protocols/ports.
 
Old 04-18-2005, 11:02 AM   #3
Brian Knoblauch
Member
 
Registered: Jan 2005
Distribution: SuSE (x86), NetBSD (Sparc), Solaris (Sparc & 32-bit x86)
Posts: 278

Rep: Reputation: 30
If behind a NAT device, I believe that NAT-T support is required on both "endpoints" in order to pass IPSEC/L2TP.
 
Old 04-19-2005, 12:32 PM   #4
baldy3105
Member
 
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 876

Rep: Reputation: 184
Brian's right. Not sure what the term is, but NAT definitely needs to support IPSEC, as I think even in tunnel mode AH is used to protect the tunnel header from being tinkered with, and NAT obviously changes the header!

Having said that, we would normally place VPN concentrators and the like on DMZs with a public address.
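
The NAT point raised in posts #3 and #4, as an added example that is not part of the original thread: a simplified Python model (not a real IPsec implementation) of which bytes the AH and ESP integrity checks cover, showing why an address-rewriting NAT breaks the AH check while an ordinary routed hop does not. The key, addresses, payload and function names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import socket
import struct

AH, ESP = socket.IPPROTO_AH, socket.IPPROTO_ESP
KEY = b"constructed-demo-key"  # constructed; stands in for the SA's integrity key

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (checksum left at 0 in this model)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def icv(proto, header, payload):
    """Integrity check value over the bytes each protocol authenticates."""
    if proto == AH:
        # AH covers the outer header too, with the fields routers are allowed
        # to change (TOS, flags/fragment offset, TTL, checksum) zeroed first.
        h = bytearray(header)
        h[1] = 0
        h[6:8] = b"\0\0"
        h[8] = 0
        h[10:12] = b"\0\0"
        covered = bytes(h) + payload
    else:
        # ESP authenticates only its own header and ciphertext.
        covered = payload
    return hmac.new(KEY, covered, hashlib.sha256).digest()[:16]

def forward(header, nat_src=None):
    """One hop in transit: TTL drops; a NAT also rewrites the source address."""
    h = bytearray(header)
    h[8] -= 1
    if nat_src is not None:
        h[12:16] = ipaddress.IPv4Address(nat_src).packed
    return bytes(h)

def survives(proto, nat_src=None):
    """True if the receiver's recomputed ICV matches the sender's."""
    payload = b"constructed protected payload"
    sent = ipv4_header("192.168.1.10", "203.0.113.5", proto, len(payload))
    tag = icv(proto, sent, payload)
    received = forward(sent, nat_src)
    return hmac.compare_digest(tag, icv(proto, received, payload))

if __name__ == "__main__":
    for name, proto in (("AH", AH), ("ESP", ESP)):
        print(name, "routed:", survives(proto),
              "NATed:", survives(proto, "198.51.100.7"))
```

ESP passing its integrity check is not the whole story behind a port-translating NAT: ESP carries no port numbers for the NAT to multiplex on, which is the gap that NAT-T (UDP encapsulation of ESP) fills.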
 
  


All times are GMT -5. The time now is 12:29 AM.
