On Sun, Aug 11, 2002 at 17:40:15 +0200, Jens Hafner wrote:
> Things start to break as soon as I connect the laptop to my private
> network (192.168.0.0/24) whose default gateway is a debian (woody, kernel
> 2.2.19) box. I configured the gateway to accept protocol 50 packages and
> port 500 connections in the following way:

You may need to accept protocol 51 (AH packet-level authentication) as well.

> The extranet client always gives me an error message like: "BannerSock:
> The attempt to connect timed out without establishing a connection". I
> couldn't find any documentation covering this case on the net. All I found
> were lots of documents where the Linux box was one end of the VPN
> connection itself but none covered my case in which the debian box only
> masquerades and forwards the encrypted packages packets.

http://www.freeswan.org/freeswan_trees/freeswan-1.95/doc/firewall.html
discusses some of the issues between IPsec and NAT.

HTH,
Ray
-- 
"Never trust a poll you haven't rigged yourself."