Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Howard Jacobson on January 15, 2002, 07:26:13 AM
-
I am trying to use the Cisco VPN client from a Red Hat Linux 7.2 box attached to the SME v. 5.03 server. According to Cisco, the client needs UDP port 500, UDP port 10,000 (or whatever port is needed for ipsec through NAT) and IP protocol 50 (ESP). Cisco says to look for and delete lines in /etc/sysconfig/ipchains that contain:
-A input -p udp -s 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d
I understand that SME server does not use the /etc/sysconfig/ipchains file but uses the /etc/rc.d/init.d/masq file instead.
I am having a problem with DNS services while the Cisco VPN client is running. I can get DNS when the client is not running, but when it starts, it overwrites resolv.conf with my company's internal DNS server addresses and DNS no longer works.
It seems that ipchains rules are blocking some part of the traffic over the VPN, but I cannot figure out which ipchains rules to add / modify / delete in the masq file.
Thanks for any help.
-
Try this....
http://forums.contribs.org/index.php?topic=12107.msg45462#msg45462
-
Ritchie:
Thanks for the reply, but those rules are already in /etc/rc.d/init.d/masq and appear when I /sbin/ipchains -L -n. The strange thing is that if I specify an IP address (e.g., for the SMTP server in Mozilla), I can see the specified server but cannot seem to communicate with it. For example, Mozilla tries to send mail but just sits forever trying to send. If I specify a server name, I cannot get any name resolution. So, I have a strong suspicion that this is a DNS-related problem. HAJ
-
I might be tempted to agree with you... it does sound a little bit like a client-related problem. However, I would only be convinced it's not a port / ipchains / masqing problem after verifying your ESSG is playing the game. Can you try to connect another client? (M$ based??)
Ritchie
-
Ritchie:
That's an interesting idea. I'll try to get the Cisco VPN client onto one of the Windows machines on my home network and see if I can connect through the VPN to a server at work. Thanks for the help. HAJ
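-
Added example, not part of the forum thread and not SME Server code: ipchains acts on the first rule that matches a packet, so a check of the masq rules has to look at rule order, not just at whether an ACCEPT rule exists. This sketch reads `ipchains -A input` lines and reports which of the three flows named in the first post would hit a REJECT or DENY rule first. The function names and sample rules are hypothetical; it assumes numeric ports, ignores addresses, and does not model the chain policy.

```python
import shlex
# Reply traffic the first post says the client needs: name -> (IP protocol, source port).
FLOWS = {"IKE udp/500": (17, 500), "IPsec-over-NAT udp/10000": (17, 10000), "ESP proto 50": (50, None)}
PROTO = {"all": None, "icmp": 1, "tcp": 6, "udp": 17, "esp": 50}

def port_range(tok):
    """'500' -> (500, 500); '0:1023' -> (0, 1023); ':1023' and '1024:' are open-ended."""
    lo, sep, hi = tok.partition(":")
    return (int(lo or 0), int(hi or 65535)) if sep else (int(lo), int(lo))

def parse_rule(line):
    """Parse an 'ipchains -A input ...' line; None for other lines and '!' negations."""
    tok = shlex.split(line, comments=True)
    tok = tok[tok.index("-A"):] if "-A" in tok else []
    if tok[1:2] != ["input"] or "!" in tok:
        return None
    rule = {"proto": None, "sport": None, "dport": None, "target": None, "text": " ".join(tok)}
    i = 2
    while i < len(tok):
        opt, args, i = tok[i], [], i + 1
        while i < len(tok) and not tok[i].startswith("-"):
            args, i = args + [tok[i]], i + 1
        if opt == "-p" and args:
            rule["proto"] = PROTO.get(args[0], int(args[0]) if args[0].isdigit() else -1)
        elif opt == "-j" and args:
            rule["target"] = args[0]
        elif opt in ("-s", "-d") and len(args) > 1:
            rule["sport" if opt == "-s" else "dport"] = port_range(args[1])
    return rule

def matches(rule, proto, sport):
    # Rules with a destination port are skipped: the reply's destination port is unknown here.
    if rule["dport"] or rule["proto"] not in (None, proto):
        return False
    return rule["sport"] is None or (sport is not None and rule["sport"][0] <= sport <= rule["sport"][1])

def blocked_flows(ruleset):
    """Map each needed flow to the REJECT/DENY rule that is its first match, if any."""
    rules = [r for r in map(parse_rule, ruleset.splitlines()) if r]
    out = {}
    for name, (proto, sport) in FLOWS.items():
        first = next((r for r in rules if matches(r, proto, sport)), None)
        if first and first["target"] in ("REJECT", "DENY"):
            out[name] = first["text"]
    return out

# Constructed sample: the REJECT rule quoted in the thread, placed ahead of the ACCEPT rules.
SAMPLE = "\n".join(["-A input -p udp -s 0/0 0:1023 -j REJECT", "-A input -p udp -s 0/0 500 -j ACCEPT",
                    "-A input -p 50 -j ACCEPT", "-A input -p udp -s 0/0 10000 -j ACCEPT"])
```

With the sample, `blocked_flows(SAMPLE)` reports only the UDP 500 flow, because the source-port range 0:1023 covers port 500 and is evaluated before the later ACCEPT rule.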