[ale] VPN connections through firewall

Gary S MacKay Gary at EdisonInfo.com
Thu Mar 1 16:59:02 EST 2001


Don't know if I've seen the exact doc you mention, but yes, I've
searched/read everything I can find. I've added ipchains accept and masq
rules to my firewall script but still no luck. I did not custom compile
the kernel yet, as I was going on the understanding that RedHat had
included the patch(s) already. I'm just using the stock 7.0 kernel that
was installed by default.

- Gary

Wandered Inn wrote:
> 
> Gary S MacKay wrote:
> >
> > I have a Win2K pro machine behind a linux machine running RedHat 7.0
> > with 2.2.16-22 kernel. I've installed the ip_masq_pptp module also. When
> > I try to connect to the remote site, it will get to the point of
> > "Verifying password..." and then timeout. I have verified that the remote
> > site works by dialing into the internet via modem from the Win box and I
> > can connect to the VPN just fine.
> 
> I'm doing much the same, although mine is behind two separate firewall
> machines. You should have added some ipchains to properly pass the
> transactions.  There's a really good description in one of the howto's,
> vpn-howto or vpn-masq-howto, or something like that.
> 
> Have you seen this doc?
> 
> >
> > Problem:
> > Whenever I try to connect to a Netopia R910 router at a client site, I
> > get these entries from a tcpdump on my firewall:
> >
> > 10:51:00.823238 > myIP > remoteIP: icmp: myIP protocol 47 unreachable [tos 0xc0]
> > 10:51:03.463238 > gre-proto-0x880B (gre encap)
> > 10:51:03.813238 < gre-proto-0x880B (gre encap)
> > 10:51:03.813238 > myIP > remoteIP: icmp: myIP protocol 47 unreachable [tos 0xc0]
> >
> > It just repeats until the Win box times out with an error that a port
> > was not connected.
> >
> > Question:
> > What piece of the puzzle am I missing?
> >
> > - Gary
> > --
> > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> 
> --
> Until later: Geoffrey           esoteric at denali.atlnet.com
> 
> "Great spirits have always found violent opposition from mediocre minds.
> The latter cannot understand it when a man does not thoughtlessly submit
> to hereditary prejudices but honestly and courageously uses his
> intelligence."
> - Albert Einstein