I have a LAN behind ETH1 (2nd adapter) on my linux box, which is NATed, I need to get these guys to be able to VPN from that side of the lan.

I'm fairly certain I need:

modprobe nf_nat_proto_gre
modprobe nf_conntrack_proto_gre


Which do not currently exist in my kernel 2.6.18-128.el5 or I don't know their new names?

I'm semi-pro but have had little experience with module installation/kernel recompile.

I need to know these module equivalent names suitable for my install but have no clue and I've google-failed thus far.

Can anyone help? is recompiling the kernel seriously my only alternative? ( recompiling kernel x 200+ is really not an option for me)


Thanks in advance,

-Chris

What type of VPN are you going to use? For example, OpenVPN (which is an SSL VPN) or IPSEC or something else? I don't have experience with IPSEC. With OpenVPN, you shouldn't need to recompile anything on your Linux box...unless your Linux box will be a VPN end-point or VPN server. For VPN pass-through, the Linux box should only need need to port forward to the appropriate NAT'd machines; and even this might not be necessary if you always initiate the connection from a NAT'd machine and set-up the OpenVPN configuration to "keep-alive" the connection. I've never tried it without port forwarding, so it is possibly firewall dependent.

My goalis to accommodate the VPN functionality for my clients behind this NAT, I'm not hosting the VPN server itself. As it stands they have full internet access etc as per my lan set from behind the NAT, but are unable to use individual vpn clients (whatever they might be).

Basically its my router ---> main lan ( which has the Centos box).

Then Centos --> Eth1 NAT --> clients behind Eth1 .


I've tested successfully that behind my router I can vpn out from the Eth0 side of the network. However I have been unsuccessful from the Eth1 side .