Scott,
Which ipmasq modules need to be loaded?
At 09:55 AM 6/16/01 -0700, you wrote:
>Greg:
> Good post. Quick comment:
>
> > Would some of you more experienced network admin review my description
> > of the problem and comment. I believe the answer is forwarding
> > protocols like ipsec through masquerading are not possible with out a
> > tool like ipfwd.
>
> I agree that ipfwd is the answer -- the standard forwarding
>tools (ipmasqadm's portfw and autofw) only handle TCP and UDP
>(ie, IP protocol 6 and 17 respectively). To handle other IP protocols,
>such as GRE (47, used by PPTP) or AH/ESP (50 and 51, used by
>IPSec), another tool is required. Fortunately, ipfwd comes standard
>on ES2B, and most of the other current LRP/LEAF distro's.
>
> Also, importantly, ipfwd just gets the packets from the
>*outside in*. To get them from the inside out, it requires that
>ipmasquerade'ing be VPN-aware. Specifically, this means having
>a kernel compiled for VPN support, and having the associated
>ipmasq modules loaded. Skipping this step will cause the VPN
>connection to fail silently.
>
>-Scott
>
>
>_______________________________________________
>Leaf-user mailing list
>[EMAIL PROTECTED]
>http://lists.sourceforge.net/lists/listinfo/leaf-user
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
