Latest report in my ongoing saga of VPN client connections to NSM v6...

The issue deals with the lack of proper NAT-T support in the third-party
functionality of the BM client. Astaro (NSM) requires a virtual IP for
clients located behind NAT routers; this is how the NAT traversal works.
Unfortunately, the BM client has no facility for specifying either a
virtual IP address (an address not on the client side LAN nor existing
on the server side - or connected to the server side in any way, even
through another VPN tunnel) nor obtaining one from an IPSec pool
maintained on the server side ( la L2TP).

So, for Windows clients, I am looking at either utilizing the built-in
L2TP over IPSec implementation (tedious to configure for PSK under W2K,
but fairly straightforward using certs), OpenVPN (cross-platform, which
comes in handy for OS/2 clients, as we have a working port of it), or
the Astaro Secure Client (pricey, for some clients, at $90 per seat plus

I'm disappointed that I can't use the BM client, as I really like the
ease of use of it, and because I'm so familiar with its workings from
all of my BM installations.

This whole experience - which is ongoing, as I have mentioned - has
given me a new appreciation for BM, and how spoiled I have become. Where
NSM's VPN strength lies in its S2S configuration (BTW, AIUI, Astaro uses
OpenVPN on the server side), BM excels at C2S ease of use. Once again,
kudos to everyone at Novell for developing BM as nicely as it has matured.

More news as it happens...

Lewis G Rosenthal, CNA, CLP, CLE
Rosenthal & Rosenthal, LLC
Accountants / Network Consultants
New York / Northern Virginia
eComStation Consultants
Novell Users Int'l
Need a managed Wi-Fi hotspot?