cisco vpn because of ipsec over tcp

David Woodhouse dwmw2 at infradead.org
Thu Nov 17 16:31:57 UTC 2011


On Thu, 2011-11-17 at 11:10 -0500, Benjamin LaHaise wrote:
> Why not use a tun/tap interface set up with a private ip address which the 
> vpn application causes to be masqueraded by the host?  That should work and 
> be portable across all kernel versions. 

Yeah, that's one of the options. But still you have to set up NAT on
the host. And make sure you don't conflict with any IP address ranges
which might appear on local networks, or on the VPN. It doesn't really
meet the "set it up nicely" criterion :)

If you can screw with iptables rules to set up NAT, you might as well
just screw with iptables rules to block and capture the TCP packets you
want. Either way, it's a pain in the arse.

-- 
dwmw2