Remember, you won't be able to test this from within your network anymore since the external ip for the vpn router will reside on the firewall that your VPN test traffic will be exiting from. You'll have to use a dialup or VPN from another network outside of yours.

> -----Original Message-----
> From: Austad, Jay [mailto:austad at marketwatch.com]
> Sent: Friday, August 10, 2001 12:48 PM
> To: 'tclug-list at mn-linux.org'
> Subject: RE: [TCLUG] VPN setup question
>
> > Questions:
> > 1. Can I put the VPN router behind the linux firewall and
> > just route VPN traffic from outside the network to the VPN
> > router?
>
> Yes. Give the VPN router a private IP on one interface and
> put it on the internal network. Shut down the other
> interface, you don't need it anymore. Map an external ip on
> the firewall to the vpn router's ip on the inside. I assume
> the vpn router is pptp, so you need to put in rules to allow
> GRE packets to the vpn router (I think it's protocol type
> 42), and allow port 1723/tcp. It should work. Make sure you
> remove the pptp.o module in the firewall if you have it,
> this is for outgoing connections only and may mess with your
> setup. If everything works, you can put it back in.
>
> If you're using IPSec, you'll need to open some other ports.
> Let me know if this is the case.
>
> > 2. Does the VPN router need IPs on both interfaces?
> > If so, do you set up private IPs for both interfaces and
> > bridge between them?
>
> No, like I said above, just don't use the other interface,
> shut it down.
>
> Jay
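
The external-to-internal mapping described in the quoted reply, written out as an added example that is not part of the original thread. It assumes the firewall runs iptables (the thread does not say which packet filter is in use), treats GRE as IP protocol 47, and uses constructed addresses; the function names are hypothetical. The script only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that map one external IP
# on the firewall to a PPTP VPN router sitting on the internal network.
# Assumption: iptables firewall. Addresses/interface below are constructed.

is_ipv4() {
    # Reject anything that is not four dot-separated octets in 0..255.
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] 2>/dev/null || return 1; done
}

pptp_forward_rules() {
    ext_ip=$1 vpn_ip=$2 ext_if=$3
    is_ipv4 "$ext_ip" && is_ipv4 "$vpn_ip" || { echo "bad address" >&2; return 1; }
    # Refuse interface names that could smuggle shell syntax into the output.
    case $ext_if in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac

    # Rules 1-2: inbound mapping for the PPTP control channel (1723/tcp) and
    #            the GRE tunnel (IP protocol 47, which has no ports).
    # Rules 3-6: let only those two protocols through FORWARD, both directions.
    #            FORWARD sees the already-translated (internal) address.
    # Rule 7:    traffic the VPN router originates leaves with the mapped IP.
    cat <<EOF
iptables -t nat -A PREROUTING -i $ext_if -d $ext_ip -p tcp --dport 1723 -j DNAT --to-destination $vpn_ip
iptables -t nat -A PREROUTING -i $ext_if -d $ext_ip -p 47 -j DNAT --to-destination $vpn_ip
iptables -A FORWARD -i $ext_if -d $vpn_ip -p tcp --dport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $ext_if -d $vpn_ip -p 47 -j ACCEPT
iptables -A FORWARD -o $ext_if -s $vpn_ip -p tcp --sport 1723 -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -o $ext_if -s $vpn_ip -p 47 -j ACCEPT
iptables -t nat -A POSTROUTING -o $ext_if -s $vpn_ip -j SNAT --to-source $ext_ip
EOF
}

# Constructed sample values: documentation-range external IP, private internal IP.
pptp_forward_rules 203.0.113.10 192.168.1.5 eth0
```

Because the rules match on the firewall's outside interface and the mapped external address, a client inside the network will not exercise them, which is why the reply at the top says to test from another network.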