I have given up waiting for ASUS to upgrade the firmware on their external
router and have made the move to an Alcatel SpeedTouch Pro. The folks at
LAN1 were really helpful, and they even printed me off a quick-start
pinholing guide.

The SpeedTouch supports translation of IPSec (IP type 50) and GRE/PPTP (IP
type 47), so its now possible to have VPN client and server access that
won't work with the ASUS external. The Alcatel routers are incredibly simple
to setup, and don't even require a reboot to switch to the games realm. The
one annoying thing is that they come preconfigured with XTRA as the
connection name :( This cannot be removed from the HTTP interface, but I'm
sure it can be done from CLI mode.

For those who are interested, the IPSec NAPT config for the SpeedTouch Pro
can be done with the two lines of configuration below, where x.x.x.x is the
IP address of the internal client/server.

nat create protocol=50 inside_addr=x.x.x.x outside_addr=0
nat create protocol=udp inside_addr=x.x.x.x inside_port=500 outside_addr=0
outside_port=500

NB: An outside address of 0 is for dynamic NAPT with any IP. If you don't
want it to work on the games realm or your alternative ISP, then specify
your ISP-provided static IP address instead of using 0.

Likewise, the NAT config for hosting a PPTP server can be done with 1 line
of configuration where y.y.y.y is the internal IP of the PPTP server.

nat create protocol=47 inside_addr=y.y.y.y outside_addr=0
nat create protocol=tcp inside_addr=y.y.y.y inside_port=1723 outside_addr=0
outside_port=1723

Outbound PPTP sessions work without any NAPT config required :)

Cheers,

Nik

This message is part of the NZ ADSL mailing list.
see http://unixathome.org/adsl/ for archives, FAQ,
and various documents.
To unsubscribe: send mail to majordomo@unixathome.org
with "unsubscribe adsl" in the body of the message
Received on Thu Aug 2 11:11:45 2001