Topic: Protocol Fowarding for IPSec client

[Russell Johnston]

I want to port and Protocol forward to a specific box on my network on which I run a Nortel Networks IPSec client for VPN access to my employer's corporate network. I believe I need to direct all traffic with PROTOCOL numbers 47 (GRE), 50 (ESP), and 51 (AH) to this box, and also map across port 500 (IKE) using UDP. Can e-smith (or the underlying RedHat) protocol forward in this manner? And is specific destination address header re-writing necessary for incoming UDP packets or will it "know" from previous outbound traffic?

[JD]

I also use the Nortel EOC to get to my company's network.
My setup is strictly 3DES with MD5 - there is no AH for my user tunnel.

The SME will correctly allow my workstation to create
a tunnel to my company's host ... without any modification
to IPCHAINS - but I did have to load the ip_masq_ipsec.o
file.

 added the following to the /etc/rc.local file
   insmod /lib/modules/2.2.19-7.0.8/ipv4/ip_masq_ipsec.o
   echo 7 > /proc/sys/net/ipv4/ip_dynaddr

which will always load the ip_masq_ipsec module during boot-up and supports dynamic IP addresses provided by your ISP.

IF YOUR COMPANY REQUIRES AH AND YOU DON'T HAVE DEDICATED (static) IP ADDRESSES - the tunnel will never activate as the AH protocol can NOT be NAT'd by the gateway.

Hope this info helps ....
  my SME box supports multiple users - OK

>>JD<<

[Russell Johnston]

Very many thanks. It works perfectly, also for multiple machines on my LAN which I had previously thought impossible! I am a little amazed to be honest - I had so much trouble getting this to work for just one PC with my previous Windows system...

-Russell.

[Shad]

The easier way it to issue the following commands:

/sbin/e-smith/config setprop masq ipsec yes
/sbin/e-smith/signal-event remoteaccess-update

-Shad

[g7pkf]

I used the simple way as above and it worked until last monday week, now it has stopped working, snort isnt showing anything regarding this connection

I plugged my laptop into the cable modem directly and i can quite happily connect to my works vpn can anyone give me any ideas as to whats happening please? anything else i should check?
this is a test system running sme 6.0 beta 2