Koozali.org: home of the SME Server

Gateway prevents VPN/Terminal Server Client

Doug McCaughan

Gateway prevents VPN/Terminal Server Client
« on: November 08, 2002, 06:55:29 PM »
Hello All!

Looking for pointers to man pages or links that might help me with the following:

My lan is normally set up like:

comcast ---> cable modem ---> red hat gateway server (e-smith.org) --> 2 win98; win98se; win2k; winxp; mac

In that configuration, I cannot get any of the boxes to create a vpn and
terminal serve to a machine in Dallas.

Switching to config:

comcast ---> cable modem ---> win98

I can vpn and terminal serve into Dallas.

What in ipmasquerade, freeswan, or whatever should I be looking to so that
the lan will perform correctly behind the gateway? I've tried setting up ip
forwarding so that the tcp and udp were directed to a single machine (yes,
udp doesn't actually go to a specific ip) but that failed...the only thing
in that case I can figure is that I missed forwarding a necessary port.

As for freeswan, I think I didn't spend enough time with it to grasp the
concepts. Tried setting up the configuration as explained in the docs with no success.

Any thoughts?

Ideally I'd like things like webcams etc to work from multiple machines from
behind a gateway.

Thanks!
Doug

ryan

Re: Gateway prevents VPN/Terminal Server Client
« Reply #1 on: November 09, 2002, 01:16:47 AM »
Are you using RedHat or SME server?

Using the Windows PPTP client behind linux or commercial VPN software?
     If Commercial, does it use protocol AH 51?

I found with SME 5.1.2, only a single windows PPTP VPN connection can exist from Location A to Location B at one time.  Multiple VPN connections will work if they are going to different internet IP addresses.  If you need more than a single connection from your LAN to Texas at one time, you should look into server to server IPSEC VPN with SME or a hardware based solution ($$$$).

Hope this helps solve your problems,

Ryan

Doug McCaughan

Re: Gateway prevents VPN/Terminal Server Client
« Reply #2 on: November 09, 2002, 01:32:41 AM »
That could be it. I had the securemote vpn client installed on several machines at once since I was testing.

I'll give it a go. Thanks!
Doug

ryan

Re: Gateway prevents VPN/Terminal Server Client
« Reply #3 on: November 09, 2002, 01:42:42 AM »
I was referring to only Windows PPTP VPN clients for the multiple connections to the same remote location.  

I have over 10 Extranet IPSEC VPN clients connecting to the same location and it works fine.  

Search this forum for commands that enable IPSEC to pass through SME.  These commands will allow UDP 500 and IP protocol 50 to be masqueraded.  Note, if your VPN clients use AH 51, they won't work behind SME.


Ryan
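
Why the AH caveat in the reply above holds, as an added example that is not part of the original thread: a simplified Python model in which the AH integrity value covers the outer IP addresses and the ESP one does not, so only ESP still verifies after the gateway rewrites the source address. The key, addresses, SPI and the dict-based packet layout are constructed for illustration and are not real IPsec wire formats.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-sa-key"  # constructed shared key for the demo SA
AH, ESP = 51, 50             # IP protocol numbers named in the thread

def compute_icv(pkt: dict) -> bytes:
    """HMAC-SHA1-96 over the bytes each protocol authenticates."""
    covered = struct.pack("!II", pkt["spi"], pkt["seq"]) + pkt["payload"]
    if pkt["proto"] == AH:
        # AH also authenticates the immutable outer IP fields, which
        # include the source and destination addresses.
        covered = (bytes([AH])
                   + ipaddress.IPv4Address(pkt["src"]).packed
                   + ipaddress.IPv4Address(pkt["dst"]).packed
                   + covered)
    return hmac.new(KEY, covered, hashlib.sha1).digest()[:12]

def build(proto, src, dst, payload, spi=0x1000, seq=1) -> dict:
    pkt = {"proto": proto, "src": src, "dst": dst,
           "spi": spi, "seq": seq, "payload": payload}
    pkt["icv"] = compute_icv(pkt)
    return pkt

def masquerade(pkt: dict, public_ip: str) -> dict:
    """What the gateway does: rewrite the source address, nothing else."""
    return {**pkt, "src": public_ip}

def verify(pkt: dict) -> bool:
    """Receiver recomputes the ICV from the packet as it arrived."""
    return hmac.compare_digest(pkt["icv"], compute_icv(pkt))

def survives_nat(proto: int) -> bool:
    # Constructed addresses: RFC 1918 LAN host, documentation-range peers.
    sent = build(proto, "192.168.1.10", "198.51.100.20", b"constructed payload")
    return verify(sent) and verify(masquerade(sent, "203.0.113.5"))

if __name__ == "__main__":
    for name, proto in (("ESP", ESP), ("AH", AH)):
        print(f"{name} (protocol {proto}) survives masquerading: {survives_nat(proto)}")
```
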

Trevor B

Re: Gateway prevents VPN/Terminal Server Client
« Reply #4 on: November 09, 2002, 04:24:18 AM »
from http://forums.contribs.org/index.php?topic=5388.msg19013#msg19013

I use the Nortel Extranet client to connect into my office from home (under 4.1.2, 5.1.2 and 5.5). To get it to work I used the following (the first line turns on the IPSEC masq properties in SME, the second expands the appropriate templates and restarts the required services).

/sbin/e-smith/config setprop masq ipsec yes
/sbin/e-smith/signal-event remoteaccess-update

You don't need to change any of the port settings.

Trevor B

ryan wrote:
>
> I was referring to only Windows PPTP VPN clients for the
> multiple connections to the same remote location.
>
> I have over 10 Extranet IPSEC VPN clients connecting to the
> same location and it works fine.
>
> Search this forum for commands that enable IPSEC to pass
> through SME.  These commands will allow UDP 500 and IP
> protocol 50 to be masqueraded.  Note, if your VPN clients use
> AH 51, they won't work behind SME.
>
>
> Ryan