VPN Guidelines
Here are some recommended guidelines that I suggest you consider before attempting a simple SOHO Linux VPN:
- The IPSec protocol on which VPNs are based will not tolerate its data packets being network address translated. If your firewall does NAT, then you'll have to disable it specifically for the packets that will traverse the VPN.
- Life will be much easier if you make your Linux VPN box also function as a firewall. Configure and test the firewall first and then configure the VPN. Chapter 14, "Linux Firewalls Using iptables," should help a lot.
- The networks at both ends of the VPN tunnel must use different IP address ranges. Many company networks operate using 192.168.0.x or 192.168.1.x addresses, so you may have to reassign IP addresses to your network if overlaps occur.
- Permanent site-to-site VPNs require firewalls at both ends that use static (not DHCP-assigned) IP addresses.
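The following script is an added example, not part of the original chapter: it checks that the two LANs use non-overlapping ranges and then prints the iptables rules that exempt tunnel traffic from NAT. The subnet values and the `eth0` interface name are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Sample subnets and eth0 are constructed.

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# net_base A.B.C.D/N -> network address as an integer (host bits cleared)
net_base() {
    ip=${1%/*}; bits=${1#*/}
    mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    echo $(( $(ip_to_int "$ip") & mask ))
}

# cidr_overlap A B -> exit 0 if the two ranges overlap, 1 otherwise.
# The shorter prefix is the larger range; masking both with it shows
# whether one contains the other.
cidr_overlap() {
    a_bits=${1#*/}; b_bits=${2#*/}
    p=$a_bits; [ "$b_bits" -lt "$p" ] && p=$b_bits
    [ "$(net_base "${1%/*}/$p")" -eq "$(net_base "${2%/*}/$p")" ]
}

# vpn_nat_rules LOCAL_LAN REMOTE_LAN -> prints the nat-table rules.
# The ACCEPT rule must come before the general MASQUERADE rule so that
# packets bound for the far LAN leave with their original source address
# and can be matched by the IPSec policy instead of being translated.
vpn_nat_rules() {
    if cidr_overlap "$1" "$2"; then
        echo "error: $1 overlaps $2; renumber one of the LANs" >&2
        return 1
    fi
    echo "iptables -t nat -A POSTROUTING -s $1 -d $2 -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -s $1 -o eth0 -j MASQUERADE"
}

vpn_nat_rules 192.168.1.0/24 192.168.2.0/24
```

The script only prints the rules; review them against the firewall configuration from Chapter 14 before applying them.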