On Thu, Oct 04, 2001 at 08:25:45PM +1000, Andrew <[EMAIL PROTECTED]> wrote:
> [...]
> I've read all the posts regarding IPSEC vpn and have modified the
> /etc/rc.d/init.d/masq script at the IPsec section with the following
> additions;

Be careful - that script is generated from the templates on various
actions. You need to create specific templates for these changes.
Nothing should need to be modified - you are not modifying IPSEC, you
are adding another set of protocols.

> [...]
> Upon re-initiating another vpn session, it seems that nothing has
> changed.
>
> Am I correct in the above modifications? or am I completely off the
> beaten track???

You will not only need to accept those packets, but also send those to
your internal boxes. This may or may not be possible, depending on the
packet types. This sort of work is usually done by a kernel masquerading
module which handles the multiple concurrent sessions.

I'd suggest you do some research on the protocols involved to find out
if anyone has provided this access from behind a firewall. Many VPN
solutions do not work from behind firewalls - they expect to _be_ the
gateway.

Thanks,

Gordon
--
Gordon Rowell [EMAIL PROTECTED]
VP Engineering
Network Server Solutions Group http://www.e-smith.com
Mitel Networks Corporation http://www.mitel.com