nanog mailing list archives
Re: quietly....
From: Lamar Owen <lowen () pari edu>
Date: Thu, 3 Feb 2011 15:20:25 -0500
On Thursday, February 03, 2011 02:28:32 pm Valdis.Kletnieks () vt edu wrote:
> The only reason FTP works through a NAT is because the NAT has already been hacked up to further mangle the data stream to make up for the mangling it does.
FTP is in essence a peer-to-peer protocol, as both ends initiate TCP streams. I know that's nitpicking, but it is true.
> I'm told that IPSEC through a NAT can be interesting too... And that's something I'm also told some corporations are interested in.
IPsec NAT Traversal over UDP port 4500 works ok, but it does require port-forwarding (either manual, automatic-in-the-router, or UPnP) to work ok. There are a number of HOWTOs out there to make it work, and we've been doing it between the native Windows L2TP VPN client (PPTP is insecure; L2TP as implemented by Microsoft is a three-layer melange of PPP on top, with L2TP carrying that, encapsulated in IPsec between two endpoints) and SmoothWall's SmoothTunnel for several years. It does work, and it's not as hard as it could be. But it's not as easy as it should be, at least on the network plumbing side of things. However, that's not typically the hardest part of setting up a Microsoft-style PPPoL2TPoIPsec VPN, though, especially if you use certificates instead of preshared keys.
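
The payload mangling discussed in this message, as an added example that is not part of the original post: an active-mode FTP client puts its own address and port inside the PORT command, so a NAT helper has to rewrite the text and track the resulting change in payload length. The function names, the port mapping table and the sample addresses are constructed for illustration.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959): the client's address and port travel in the payload.
PORT_RE = re.compile(
    rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")

def parse_port(line):
    """Return (ip, port) from a PORT command, or None if the line is not a valid one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]

def alg_rewrite(line, public_ip, port_map):
    """Rewrite a PORT command the way a NAT FTP helper must.

    Returns (new_line, seq_delta). seq_delta is the change in payload length,
    which the NAT has to apply to later TCP sequence/ack numbers on this flow.
    Lines that are not PORT commands pass through unchanged.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line, 0
    outside_port = port_map[parsed]  # hypothetical table: mapping allocated by the NAT
    h = public_ip.packed
    new_line = b"PORT %d,%d,%d,%d,%d,%d\r\n" % (
        h[0], h[1], h[2], h[3], outside_port >> 8, outside_port & 0xFF)
    return new_line, len(new_line) - len(line)

# Constructed sample: inside host 192.168.1.10 listening on port 50000 (195*256+80),
# NAT public address 203.0.113.5 (documentation range), mapped outside port 61000.
SAMPLE = b"PORT 192,168,1,10,195,80\r\n"
PUBLIC = ipaddress.IPv4Address("203.0.113.5")
MAP = {(ipaddress.IPv4Address("192.168.1.10"), 50000): 61000}

if __name__ == "__main__":
    print(parse_port(SAMPLE))
    print(alg_rewrite(SAMPLE, PUBLIC, MAP))
```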