Koozali.org: home of the SME Server

VPN Masquerading

Gordon Rowell

Re: VPN Masquerading
« Reply #15 on: April 09, 2001, 05:00:34 AM »
Sorry, that line needs to be added to /etc/rc.d/init.d/masq via a custom template. If you run it from the command-line, $OUTERNET is (probably) undefined, so you will see that error.

Add the line to the 10masq_ipsec file mentioned above.

And I made a typo before - this is for ESP packets, not AH packets.

Gordon

Yeroc

Re: VPN Masquerading
« Reply #16 on: April 11, 2001, 07:01:33 AM »
Hi,

I've been following this discussion with interest as I am trying to get e-smith to masquerade VPN IPsec traffic as well. According to instructions I've found in a couple of places, I need ipfwd in order to forward the protocol 50 packets to my client machine. Unfortunately, I cannot find an ipfwd rpm built for e-smith/RH7. Does anyone know where I can get my hands on it? There is a source rpm available at http://www.cag.lcs.mit.edu/~cananian/Projects/IPfwd/release/ but of course e-smith doesn't have a compiler or anything installed.

For others trying to get VPN masquerading to work, there's good information at http://www.phoneboy.com/faq/0372.html (specific to SecuRemote and Firewall-1), as well as the generic VPN Masquerading how-to at ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html.

Yeroc

Re: VPN Masquerading
« Reply #17 on: April 11, 2001, 07:10:56 AM »
Gordon Rowell wrote:
> Sorry, that line needs to be added to /etc/rc.d/init.d/masq via
> a custom template. If you run it from the command-line,
> $OUTERNET is (probably) undefined, so you will see that error.
>
> Add the line to the 10masq_ipsec file mentioned above.
[snip]

You will actually have to add the line to a separate fragment, i.e. 40AllowIPSec, since the $OUTERNET variable is not yet defined in the standard fragments by the time the template generator hits the 10masq_ipsec file.

Tim Perry

Re: VPN Masquerading
« Reply #18 on: April 11, 2001, 06:09:32 PM »
Maybe it would help to know where the $OUTERNET variable is set and what it is supposed to contain. I went looking for OUTERNET to no avail. I am on a dial-up connection. The name seems to imply it contains the address for the internet connection.

Also, is there any better way to test this connection besides attempting to use the SecuRemote client?

Gordon Rowell

Upgrade to 4.1.2 (was Re: VPN Masquerading)
« Reply #19 on: May 09, 2001, 01:31:23 PM »
Just to follow up:

As far as we know, PPTP and IPSEC masquerading should both work under 4.1.2 - we know that PPTP does. If IPSEC does not, please provide full details in a bug report to bugs@e-smith.com

Thanks,

Gordon