Re: Help! Ipsec-tools/Racoon link through NAT .. "ip route" fails
From: Alexander Clouter (alex_at_digriz.junk-this.org.uk)
Date: Sun, 28 Nov 2004 17:15:44 -0000
On 2004-11-28, Sundial Services <email@example.com> wrote:
> Alexander Clouter wrote:
>> All you can do is really keep an eye on the output of the racoon daemon in
>> debug mode and have a good read of the IPSec HOWTO as to be frank, I
>> think you have missed some rather major points :P
> To solve the problem, at this point, I'm looking at purchasing, or renting,
> a Windows-2000 machine dedicated strictly to this project for its duration.
> This is considerably cheaper than the revenue I've already lost.
Sounds like someone's promised something by a deadline.
> I don't deny that "I've missed some rather major points." What I need is
> /results/ ... not an unwanted, ill-timed education in the intricacies of
> VPN. Time is money and I'm losing a lot of it without compensation.
> This is, of course, nothing to do with you or Linux or anything else ... I
> am grateful for your ongoing assistance. I love Linux. But it is
> despairing, sometimes, how Linux "sends you to school" when you simply want
> to push a button and have it be done for you. That's what an OS-vendor is
> supposed to be about, in an ideal world, and it's at times like these that
> I /really/ feel just how far Linux has to go.
To do the exact same thing under Windoze you have to do pretty much:
Now you are doing *exactly* the same under linux/freebsd/etc, however it's
probably easier as you have everything clearly in two configuration files.
With M$ you have boxes, buttons and windows everywhere and it's hard to put
them all together. Hell, I just tried the other week and failed to get windoze
to play ball, it refused to find the certificate I had given it... twice!
There is L2TP+IPSec, however that is different and easy to set up under
windoze. If you want pure IPSec, which you should as it's more efficient,
then windoze is going to give you a lot of 'excitement' to burn the midnight
There is no touchy-feely click'n'drool interface. IPSec is not an easy thing
per se to just roll out at a click of a mouse button. Certificate
infrastructures do not arrive overnight, however once in place you have a
very powerful system in place with complete control at your fingertips.
From your needs I would highly recommend you go over to CISCO, who will do
this for you, but of course you pay for it, it's part of the game; however I
am probably preaching to the choir which is why you are trying to learn/use
> (And this isn't "linux.advocacy," and this isn't flame, so I think we can
> leave it at that.)
Well, about this time I would say it's time for a beer or at least your
favourite caffeinated drink, coffee, black, no sugar.
 the professionals http://www.cisco.com/edu/peterpacket/
I got the 'QoS Rocket' and had to stop before I killed myself