[Techtalk] networking/iptables/security course?

Kelly Martin kmartin at pyrzqxgl.org
Tue Feb 18 10:56:31 EST 2003

Bowen, Tricia wrote:
> I would be interested in the Basic Networking/Basic Security ones. I've 
> got a wireless router at home right now that works fine. Wireless 
> connection on the laptop and ethernet on the desktop. I need to figure 
> out how to get VPN running on both the laptop and the desktop 
> concurrently, but haven't been able to structure my time to pay enough 
> attention to it. A course would help.

Getting VPNs to work through a NAT depends on the VPN configuration.  If 
the VPN uses AH-ESP (IP protocol 50) tunneling, and both VPN sessions 
are being established to the same endpoint, the NAT engine will not be 
able to tell which private address to send the session to.  (If 
different endpoints are used, the incoming ESP packets will have 
different sources and the NAT engine may or may not be able to 
distinguish them, depending on how it's implemented.  My g/f and I have 
not yet tested this with our respective corporate VPNs.)

On the other hand, tunneling based on TCP should generally work; 
tunneling based on UDP may or may not depending on session 
characteristics and the type of firewall.  Most VPNs these days are set 
up to run with AH/ESP tunneling, although more people are using TCP or 
UDP tunneling to deal with snarky ISPs that filter protocol 50 because 
"it's a business service".

This sort of knowledge would not be acquired in a basic or intermediate 
course in networking.  You have to have a pretty solid understanding of 
how NAT and VPNs for this sort of problem.


More information about the Techtalk mailing list