<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="country-region"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="place"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
@page Section1
{size:595.3pt 841.9pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:651719246;
mso-list-type:hybrid;
mso-list-template-ids:-1902112380 891086686 134807555 134807557 134807553 134807555 134807557 134807553 134807555 134807557;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:\F0D8;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;
mso-fareast-font-family:"Times New Roman";
mso-bidi-font-family:"Courier New";}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
-->
</style>
</head>
<body lang=EN-GB link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'>Hi Grant,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-NZ style='font-size:10.0pt;font-family:"Courier New"'>> Is your VPN
concentrator / server directly on the internet or is there some sort of port
forwarding going on. You could use a DMZ, if the machine in <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-NZ style='font-size:10.0pt;font-family:"Courier New"'>> the DMZ had
a globally routable IP, i.e. did not use port forwarding of any sort.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'>Unfortunately the VPN server does not explicitly have
a public IP address that would allow it to receive connections. At
present, the VPN server is currently sitting behind a DSL router which has a
public IP and is receiving connections via DNAT, in particular port 1723 (PPTP)
and protocol 47 (GRE). The DMZ setup that the DSL router offers is
basically having all connections on the public IP DNAT through to the internal
IP address of the VPN server. I have been able to verify this, as the
router itself runs a minimal linux environment which includes using IPTables
for its firewalling capabilities (D-Link branded DSL router).<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'>Also, I have already mentioned that moving to another
type of connection such as fibre isn’t an option as I cannot afford a
connection of this type (I live in <st1:country-region w:st="on"><st1:place
w:st="on">New Zealand</st1:place></st1:country-region>). Other
alternative connections to DSL are not very affordable and we are very limited
to the connection types that we can choose from.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'>At present the range of connections are as follows:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'>Dial-Up – Far too slow<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'>DSL – Affordable and very quick<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'>ISDN – Far too pricey ($900 per month not
including data charges)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'>Cable – Only available in certain areas in <st1:country-region
w:st="on"><st1:place w:st="on">New Zealand</st1:place></st1:country-region><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'>Fibre – Far far too pricey ($1,500 per month –
2 Mbps National / 512k International)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'>Fibre by far would be the best option as I would
receive around 7 public IP addresses but as you can see from the cost it just
isn’t very feasible for only a VPN solution.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'>As you also mentioned in your previous email about
the limitation of IPTables … is there any workarounds such as using the
patch-o-matic patches?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-NZ style='font-size:
10.0pt;font-family:Arial'>Any comments/suggestions are welcome from anyone.<o:p></o:p></span></font></p>
</div>
</body>
</html>