|
|
|
This connection type has to be selected on the client if it has at least one IP address bound to it, which can be accessed directly (ie. public IP address). Network nodes set up like this always communicate with each other using the IP/241 protocol. The encrypted traffic from such clients to coordinators and other clients that work through coordinators is always encapsulated into IP/UDP packets.
Attention! A network node with this connection type, which works inside the LAN with a private address and accesses the Internet via a firewall/NAT system, won't be able to communicate with network nodes outside the LAN with its private system of IP addresses.
If a coordinator uses this connection type and is on the border between two network segments, it provides NAT services for all ViPNet connections in both directions. All IP packets, encapsulated into UDP packets, passing the coordinator, are forwarded from the address of the corresponding network adapter of the coordinator.
Furthermore, the coordinator can carry out the function of a tunneling server. In this case, the coordinator encrypts open traffic from its given LAN group (in general, any IP devices such as IP telephones, web cameras), then encapsulates the traffic into UDP and sends it to other ViPNet nodes or unprotected computers (IP devices) working through other accessible coordinators.
IP traffic from a workstation without ViPNet software is taken by the network adapter of a coordinator and can be tunneled (to be encrypted for sending later to any node). In this case, encrypted packets will be sent on behalf of the name of this adapter (NAT function for tunneling traffic).
To configure a coordinator's connection without using a firewall:
© 2007 Infotecs