Yea, I get a pile of broadcasts.  It's not all that bad.  I had iptables
logging them for a while.

My old ISP decided to switch me to router mode, and of course didn't
bother to tell me. Said it was a Qwest policy change.  They refused to
switch me back.

The routing implied NAT, so that my local IP was a 10.xx.xx.xx address,
but my external static IP was theirs.  When freeswan sent a packet, it
included the encrypted local IP address.  When the receiving side saw that
it didn't match the IP address in the header, it would reject it.

The ISP proposed I set up a subnet, but they wanted to charge me for an
extra 3 IP addresses...

Supposedly there is a way around NAT with freeswan, but after a week of
hacking, I changed to isd.net.  30 minutes later I was back on the air.

> On Saturday 19 April 2003 10:41 am, waynej at dccmn.com wrote:
>> One of the issues I had was my old ISP insisted that I run my cisco in
>> router mode and my Freeswan doesn't like that so I had to switch ISPs
>> to get bridge support.  In router mode, your outside IP address <>
>> your eth0 IP address cause it's doing NAT.  Freeswan sees this is a
>> man-in-middle attack.
>>
>> Does the ActionTec support bridging?
>
> Heh. You are thinking "backwards". You =want= routing when doing IPSec
> (freeswan).
>
> Bridging can be nasty if the upstream router isn't filtering LAN
> broadcast  traffic.
> --
> Bob Tanner <tanner at real-time.com>         | Phone : (952)943-8700
> http://www.mn-linux.org, Minnesota, Linux | Fax   : (952)943-8500
> http://www.linuxjustworks.com             | Linux Just Works!
> Key fingerprint = AB15 0BDF BCDE 4369 5B42  1973 7CF1 A709 2CC1 B288
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> http://www.mn-linux.org tclug-list at mn-linux.org
> https://mailman.real-time.com/mailman/listinfo/tclug-list



