From: harbell@beerburp.com   
      
   Hi all,   
      
   When placing a VPN router/server inside a firewalled network, I assume   
   it will be fine to just attach one LAN-side port to the local LAN, and   
   not have a connection to the vpn router's WAN port. Yes?   
      
   My firewall router is a Linksys WRT54G v3.0 running HyperWRT v15c. I'm   
   using this setup because I need lots of ports forwarded (more than   
   what's available with the standard firmware), and I need to be able to   
   forward GRE using iptables. And I'd like to keep the firewall separate   
   from the vpn endpoint.   
      
   For the vpn endpoint I'll be using a Netscreen, Netgear, D-Link, or   
   Linksys. The client will be an XP laptop running a clinet that's IPsec   
   -- either the vpn device's proprietary client or TheGreenBow, etc.   
      
   Alternately, I could move the WRT54G to the inside and use it as just   
   a wireless access point, but I'd need to port-forward 30+ ports.   
   (usually soho routers only allow 10 or so.)   
      
   I've had trouble setting up various software VPN servers:   
      
   A) XP host inside private network listening for VPN conections:   
     -- I forwarded nececary ports, plus used IP tables to be sure the   
   GRE is forwarded.   
     -- Got 721 error. Tried & tried & tried. No joy.   
      
   B) OpenVPN running on same XP box:   
     -- Bridged network and Tapi interfaces.   
     -- On laptop, worked okay, but soon stopped.   
     -- Note, when switching from Ethernet to Wireless must delete   
   bridege, recreate & rename bridge on new interface. PITA.   
      
   So, what's the popular physical arrangement for a soho VPN box inside   
   the firewalled home LAN?   
      
   Thanks in advance.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)