Topic: PPTP and IPSec Tunnel Pass Through

[Reid Carlisle]

Is it possible to tunnel PPTP/IPSEC VPN services through the 4.1 release?  If so how?  Does the kernel support it?

The setup I am trying to support is a ipsec vpn client behind e-smith server connecting to a VPN server at my corporate office.

Reid

[Gordon Rowell]

Reid Carlisle wrote:
>
> Is it possible to tunnel PPTP/IPSEC VPN services through the
> 4.1 release?  If so how?  Does the kernel support it?

No. The kernel modules for ip_masq_pptp and ip_masq_ipsec (note there are two) did not work in the RedHat7 kernel release used for e-smith 4.1 and 4.1.1

We expect to release working masquerade modules for these protocols in a later e-smith release. PPTP masquerading has been asked for frequently, and we certainly want to see that working.

> The setup I am trying to support is a ipsec vpn client behind
> e-smith server connecting to a VPN server at my corporate
> office.

You will need a working ip_masq_ipsec module for this.

You could upgrade the kernel to the latest RedHat release, but be aware that this will break some e-smith features, including PPTP server support.

Gordon

[Gordon Rowell]

Gordon Rowell wrote:

> [...]
> We expect to release working masquerade modules for these
> protocols in a later e-smith release. PPTP masquerading has
> been asked for frequently, and we certainly want to see that
> working.
> [...]

Oops. And here's one which Charlie prepared earlier

ftp://ftp.e-smith.org/pub/e-smith/contrib/charlieb/RPMS/i386-RH7.0/ip_masq_vpn-0.1.1-1.i386.rpm

You will need to use rpm --force to overwrite the existing broken kernel modules.

You will also need to modify the templates so that the modules are loaded - see

/etc/e-smith/templates/etc/rc.d/init.d/masq/10masq_*

Gordon

[Reid Carlisle]

> Oops. And here's one which Charlie prepared earlier
>
>
>
> ftp://ftp.e-smith.org/pub/e-smith/contrib/charlieb/RPMS/i386-RH7.0/ip_masq_vpn-0.1.1-1.i386.rpm
>

I saw the other posts referencing this package and was able to install
it.

>
>
>
> You will need to use rpm --force to overwrite the existing broken kernel
> modules.
>
>
> You will also need to modify the templates so that the modules are
> loaded -
> see
>
>
> /etc/e-smith/templates/etc/rc.d/init.d/masq/10masq_*
>

OK, forgive my ignorance as I am new to e-smith and not a linux regular
- this is why I chose e-smith...

I see the templates for icq, h323, etc... do I add one for vpn:

10masq_ipsec - or - 10masq_pptp

and what should they contain?:

/sbin/modprobe ip_masq_ipsec - or - /sbin/modprobe ip_masq_pptp

any help would be greatly appreciated!!!

Reid

[Gordon Rowell]

To finish off two threads, I just answered this in:

http://www.e-smith.org/bboard//read.php?f=3&i=3432&t=3320

Gordon