On 30 May 2005 08:39:47 -0700, Stephan <(E-Mail Removed)> wrote:
> Hello, World;-)
>
> I've got a ppp connection to a GPRS-network. The provider dynamically
> assigns a not routable address and does NAT for the internet.
>
> Over this connection I have to build a VPN with a predefined local
> address. If now sometimes this VPN-Address and the one for the
> ppp-connection were the same I'd be in trouble.
>
> The only solution seems to be changing the local address of the ppp
> connection to a fixed value, but any trial to do so in ppp's config
> file makes the network provider refuse the connection. I thought of
> using NAT locally, but I don't think that would be a solution for the
> problem having two network devices with the same IP address.
>
> The easiest way would be some built-in NAT in the pppd that builds the
> local network device with a given address but lets the remote server
> see its idea of the client's address. Unfortunately, I did not
> find such a thing.
>
> Any idea?
The only IP the other side is going to see or be able to verify from
its end is the public IP that leads back to you, and if you get a PPP IP
in a private range, apparently you do not even see that from your end.
I only dabbled with freeswan when I did not know what kind of VPN our
factory was going to implement. But I was able to connect to that from a
dynamic PPP IP ipsec client without even having to know its IP (using a
defaultroute option). However, I could not connect the client from
behind NAT (Linux masquerade) because I did not have root access to the
Linux firewall/router to direct incoming protocol 50 to my private IP.
Fortunately I could still get into our factory network via ssh.
The most important thing you forgot to mention was, what VPN protocol or
programs. It would not do any good to set a static PPP IP because your
ISP would not route that (even if you set it as an alias). But at least
if you said which VPN, someone might have suggestions.