Re
I have been running a non-routing dual-homed host as a firewall for a while now with SuSEfirewall and all required services proxied with Squid, SuSE ftp-proxy, etc.
OK, I've understood that. :-)
I thought I would have a go at setting up a VPN server for windows '98 machine to connect up through the internet and, on a first reading through the documentation, it appears that I have to allow IP packets to be routed through the machine, i.e. with masquerading, rather than redirected.
Is this correct? If so the job changes in nature.
This is correct, at least for IPSec using FreeS/WAN. However, you typically don't use masquerading in IPSec VPNs and it can cause serious problems. If you're contemplating to use PPTP, which doesn't seem entirely unlikely, seeing as you've got Win98 machines, I'm not sure, I haven't dealt with that daemon yet myself (and don't plan to, as I normally advise people to steer clear of PPTP, at least the MS implementation). Cheers Tobias