Re: SecuRemote Client and Netfilter NAT

From: Frederik (frederik@padjen.de)
Date: 05/30/02


Date: Thu, 30 May 2002 00:00:02 +0200
From: Frederik <frederik@padjen.de>
To: brien mac <aph3x@linuxmail.org>

Hello there,

I am not sure about this as I am unfamiliar with the aforementioned client,
but have you tried compiling and insmodding all netfilter modules?
Maybe this is a bit like NAT'ed ftp, where special modules are needed
for the server.
You already mentioned you used force_udp_encapsulation; if you have not yet
tried other UDP modules it might be worth the try.

greetings
Frederik

On 2002.05.29 02:56:37 +0200 brien mac wrote:
> Hello all... :)
>
> I currently have a small home network (five nodes) in which a Slackware 8
> box is NAT'ing the internal network using iptables 1.2.6a.
>
> My roommate's employer has provided him with a DSL connection which
> permits him to work from home. However, in order to access the corporate
> network securely, he must authenticate himself using SecuRemote 4.1
> (SP-1). In order for me to also be able to use this DSL, for free ;), he
> needs to be able to access the network.
>
> A packet analysis revealed that UDP 259 was needed for authentication. I
> configured Netfilter to accept FORWARD outbound UDP 259 traffic in state
> NEW and ESTABLISHED and to accept FORWARD inbound UDP 259 traffic in
> state ESTABLISHED. I read the article on
> http://lists.samba.org/pipermail/netfilter/2002-February/019769.html and
> added "force_udp_encapsulation (true)" to the userc.c file. Before doing
> this, authentication between the client and gateway was unsuccessful; the
> authentication process, according to the SecuRemote client, is now
> successful.
>
> The problem I'm having occurs when my roommate uses an application, called
> Accessory Manager, to access the corporate network. Another packet
> analysis revealed that my roommate's computer was attempting to transmit
> data to the VPN gateway using protocol 94, which I found through further
> research to be IP in IP (IPIP).
>
> Outbound requests were made by my roommate's computer, but no responses
> were received from the VPN gateway. In addition, my firewall's logs did
> not report any denied packets for inbound or outbound data transmission.
> This leads me to believe that the packets were not even being forwarded,
> perhaps because of IPIP.
>
> I recompiled my Linux kernel with IP Encapsulation support and tried
> again... this time authentication was unsuccessful. So, I'm wondering,
> what am I doing correctly and what am I doing incorrectly?
>
> Any related links/advice/suggestions are welcomed and appreciated :)
>
> Thanks for your time,
>
> Brien - a.k.a. VPN newbie
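The FORWARD rule set Brien describes, extended with matching rules for the protocol-94 (IPIP) tunnel traffic his second capture showed, as an added example for a Linux NAT box. This is not code from the thread, from Check Point or from the Netfilter project; the interface names eth0/eth1, the gateway address 203.0.113.10 and the function and variable names are assumptions. With IPTABLES unset the script only prints the commands (dry run); set IPTABLES=iptables and run it as root on the NAT box to install them.

```shell
#!/bin/sh
# Added example: FORWARD and NAT rules for passing a SecuRemote 4.1 client
# through a Linux netfilter/iptables NAT box.  Assumed values (not from the
# post): LAN=eth1, WAN=eth0, VPN_GW=203.0.113.10.

LAN="${LAN:-eth1}"                 # inside interface (roommate's side)
WAN="${WAN:-eth0}"                 # DSL side
VPN_GW="${VPN_GW:-203.0.113.10}"   # hypothetical FW-1 gateway address
IPTABLES="${IPTABLES:-echo iptables}"   # dry run unless overridden

securemote_forward_rules() {
    # UDP 259 to the gateway: the authentication traffic the post observed.
    $IPTABLES -A FORWARD -i "$LAN" -o "$WAN" -d "$VPN_GW" -p udp --dport 259 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    $IPTABLES -A FORWARD -i "$WAN" -o "$LAN" -s "$VPN_GW" -p udp --sport 259 \
        -m state --state ESTABLISHED -j ACCEPT

    # IP protocol 94 (IPIP): the tunnel itself.  It has no ports, so the match
    # is on the protocol number; conntrack tracks it generically by the
    # address pair, so the reply direction still matches ESTABLISHED.
    $IPTABLES -A FORWARD -i "$LAN" -o "$WAN" -d "$VPN_GW" -p 94 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    $IPTABLES -A FORWARD -i "$WAN" -o "$LAN" -s "$VPN_GW" -p 94 \
        -m state --state ESTABLISHED -j ACCEPT

    # Log (rate limited) anything that falls through before the default DROP,
    # so a refused tunnel packet shows up in the log rather than vanishing.
    $IPTABLES -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP "
    $IPTABLES -P FORWARD DROP
}

securemote_nat_rules() {
    # Address-only NAT for everything leaving the DSL link.  For a port-less
    # protocol such as 94 the translation is by address alone, so only one
    # inside host can hold a tunnel to the same gateway at a time.
    $IPTABLES -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

securemote_forward_rules
securemote_nat_rules
```

The point of the extra LOG rule is the observation in the post that the firewall log showed no denied packets: without a logging rule in front of the policy, anything the FORWARD chain drops is silent, so adding one is the quickest way to tell "dropped by the firewall" from "never routed here".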
