Archived from groups: comp.dcom.vpn (
More info?)
kevin wrote:
> Hi,
>
> i would like to ask a question. Can VPN set with virtual IP ? I
> wanted to set a VPN from China to Hongkong, however, ISP of Mainland China
> only provided virtual IP to their clients for accessing Internet. Can we use
> those IPs to setup a VPN.
>
> remarks : Hong Kong can fix it's IP
>
> Thanks for comments.
Some VPN protocols will tolerate a private ip but they are highly
dependent on the support of the firewall doing the network address
translation to work.
The use of a private (virtual) ip indicates that this ISP is using a
firewall which means they can block these protocols so there is no way
to know if it will work without trying it first.
PPTP is usually well supported by most NAPT (network address and port
translation) implementations but this support can be enabled and
disabled in many products. If they choose to disable support for this
protocol then it will not function.
Some IPSEC vendors have client software which supports NAT traversal
mode. I do not know of any network to network router implementations
that use NAT traversal, this feature is usually reserved for single
client use, not connections between two entire network segments.
SSH is a popular protocol that can be used to tunnel traffic between a
client and server. It is not used for network to network connections
but it does work through NAPT in most cases unless the ports are
specifically blocked. The port used for SSH can often be changed if you
have control over the server configuration.
L2TP is less likely to work through a NAT connection from what I know
than most of these other protocols but I'm not as familiar with it's
implementation as I am with the others.
SSL VPN's are the new thing. Using the familiar SSLv3 encryption that
is built into your browser. I believe this is only used as a client to
server VPN method currently. The idea is that you do not require any
special setup on the client end beyond a supported browser.
If the ISP wants to block VPN use they can block any of these protocols
from operating properly. You might want to talk to the ISP to find out
if they have any VPN protocols they can suggest that work through their
system or if they have another service that does not use private IP's.
--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)
Facebook
Twitter
Instagram