[Techtalk] networking/iptables/security course?
kmartin at pyrzqxgl.org
Tue Feb 18 10:56:31 EST 2003
Bowen, Tricia wrote:
> I would be interested in the Basic Networking/Basic Security ones. I've
> got a wireless router at home right now that works fine. Wireless
> connection on the laptop and ethernet on the desktop. I need to figure
> out how to get VPN running on both the laptop and the desktop
> concurrently, but haven't been able to structure my time to pay enough
> attention to it. A course would help.
Getting VPNs to work through a NAT depends on the VPN configuration. If
the VPN uses AH-ESP (IP protocol 50) tunneling, and both VPN sessions
are being established to the same endpoint, the NAT engine will not be
able to tell which private address to send the session to. (If
different endpoints are used, the incoming ESP packets will have
different sources and the NAT engine may or may not be able to
distinguish them, depending on how it's implemented. My g/f and I have
not yet tested this with our respective corporate VPNs.)
On the other hand, tunneling based on TCP should generally work;
tunneling based on UDP may or may not depending on session
characteristics and the type of firewall. Most VPNs these days are set
up to run with AH/ESP tunneling, although more people are using TCP or
UDP tunneling to deal with snarky ISPs that filter protocol 50 because
"it's a business service".
This sort of knowledge would not be acquired in a basic or intermediate
course in networking. You have to have a pretty solid understanding of
how NAT and VPNs work for this sort of problem.
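
The demultiplexing problem described in the message above, as an added example that is not part of the original post: a toy NAT that maps TCP replies by public port but can key ESP replies only on the remote address. The Nat class, the addresses, and the choice to key ESP state on the remote address are assumptions made for illustration; real NAT engines differ.

```python
# Toy NAT model, constructed for illustration; real NAT engines differ.
TCP, ESP = 6, 50  # IP protocol numbers; ESP packets carry no port numbers

class Nat:
    def __init__(self):
        self.tcp_map = {}    # public_port -> (private_ip, private_port)
        self.esp_map = {}    # remote_ip -> set of private_ips with ESP state
        self.next_port = 40000

    def outbound(self, proto, private_ip, remote_ip, private_port=None):
        """Record state for an outgoing packet; return the public port used, if any."""
        if proto == TCP:
            public_port = self.next_port
            self.next_port += 1
            self.tcp_map[public_port] = (private_ip, private_port)
            return public_port
        # ESP: the only usable key is the remote address (assumed implementation).
        self.esp_map.setdefault(remote_ip, set()).add(private_ip)
        return None

    def inbound(self, proto, remote_ip, public_port=None):
        """Return the private host a reply belongs to, or None if unknown or ambiguous."""
        if proto == TCP:
            entry = self.tcp_map.get(public_port)
            return entry[0] if entry else None
        hosts = self.esp_map.get(remote_ip, set())
        return next(iter(hosts)) if len(hosts) == 1 else None

def demo():
    laptop, desktop = "192.168.1.10", "192.168.1.11"   # constructed private hosts
    vpn_a, vpn_b = "203.0.113.1", "198.51.100.1"       # constructed VPN endpoints
    out = {}

    nat = Nat()  # both hosts open ESP sessions to the same endpoint
    nat.outbound(ESP, laptop, vpn_a)
    nat.outbound(ESP, desktop, vpn_a)
    out["esp_same"] = nat.inbound(ESP, vpn_a)

    nat = Nat()  # ESP sessions to different endpoints
    nat.outbound(ESP, laptop, vpn_a)
    nat.outbound(ESP, desktop, vpn_b)
    out["esp_diff"] = (nat.inbound(ESP, vpn_a), nat.inbound(ESP, vpn_b))

    nat = Nat()  # TCP-based tunnels to the same endpoint
    p1 = nat.outbound(TCP, laptop, vpn_a, 50001)
    p2 = nat.outbound(TCP, desktop, vpn_a, 50001)
    out["tcp_same"] = (nat.inbound(TCP, vpn_a, p1), nat.inbound(TCP, vpn_a, p2))
    return out

if __name__ == "__main__":
    print(demo())
```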