Firewall Wizards mailing list archives
RE: VPN Problems
From: "Bradley Schatz" <bradley () tripledash com>
Date: Thu, 16 Aug 2001 14:07:18 +0100
What recommendations would one have for VPN's that would work over these kind of restrictions? (assuming interoperation with say Win32 & Linux/BSB) L2TP seems to be the only candidate I have found. -bradley
-----Original Message----- From: Lucas Thompson [mailto:Lucas.Thompson () watchguard com] Sent: 13 August 2001 23:19 To: 'Ryan Russell'; Jason Wu Cc: firewall-wizards () nfr com Subject: RE: [fw-wiz] VPN Problems This is very often a problem where ISPs filter IP 50 or 51. A really good way to test it is to use the traceroute that comes with OpenBSD. Openbsd's traceroute allows you to use arbitrary IP protocol numbers instead of just UDP or ICMP like most of them. Then sniff at your site(s) to see if it gets through. I just wish I had a Linux port of it :) lucas -----Original Message----- From: Ryan Russell [mailto:ryan () securityfocus com] Sent: Friday, August 10, 2001 4:53 PM To: Jason Wu Cc: firewall-wizards () nfr com Subject: Re: [fw-wiz] VPN Problems On Thu, 9 Aug 2001, Jason Wu wrote:Hi, has anyone on this list had any problems with theirVPNs that can betraced to something the ISP is doing?Sure. I've had ISPs not pass the packet types I needed them to, despite their claims that they do no filtering. Do a traceroute some time and see how many ISPs you cross.I want to get an idea of how prevalent it is for ISPs to filter VPN traffic or toperform NAT causingAH to break etc.Yes, any of that will break AH. Or GRE. Or IPinIP, etc...Also, how have you worked around these limitations?Change ISPs or VPN software. But at least I'm not bitter or cynical about it. :) Note that it is explicitly against the policies of some ISPs to use a VPN. Ryan _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- VPN Problems Jason Wu (Aug 10)
- Re: VPN Problems Ryan Russell (Aug 11)
- <Possible follow-ups>
- RE: VPN Problems Lucas Thompson (Aug 13)
- RE: VPN Problems - Good traceroute tools. Peter Lukas (Aug 16)
- RE: VPN Problems Walters, Thomas B (Aug 16)
- RE: VPN Problems Ben Nagy (Aug 16)
- RE: VPN Problems Bradley Schatz (Aug 16)