Hi: There was a patch provided for 2.2.x versions of the Linux kernel to assist with VPN masquerading. (it works with IPCHAINS) Is there such a patch available for kernel 2.4.x ? If not is it possible to setup iptables to allow masquerdaing with VPN ?
Thanks much
Ramdev/-
This conversation is currently closed to new comments.
Some bad news first, I've seen that a few linux flavors, use ipchains or iptables, and they can't run in the same kernel. The only way you can have a mix of both is recompiling your kernel. By now I'm installing iptables 1.2.4 using iptables NAT features to set up a IPsec tunnel generator. I moved to iptables because ipchains is too hard to handle, the only shaper that works quite good is cipe. But it's a static VPN. As we need a dynamic tunnel generator, I started to develop some iptables scripts. But they are experimental at this time. To set up all the iptables features you have to use version 1.2.4. and of course recompile the kernel. Ipchains handles the packet's header, with no socket handling. With iptables, you can handle the header, socket, and the mac address of the WAN interface at both ends, (some other things like dynamic NAT, and other stuff).
I've forgot in my last comment (above) that if you are going to set a VPN you can set the band width with iptables, so you can set this also. And over this packet filter you can set the vpn shaper of your choise.
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
VPN Masquerading support on Kernel 2.4
There was a patch provided for 2.2.x versions of the Linux kernel to assist with VPN masquerading. (it works with IPCHAINS)
Is there such a patch available for kernel 2.4.x ?
If not is it possible to setup iptables to allow
masquerdaing with VPN ?
Thanks much
Ramdev/-