On Thursday 26 December 2002 09:12 am, you wrote: > I eventually sorted out connecting Cisco VPN Client v3.6.1 (on Win98) to my > company VPN server via Dachstein. (The client is configured to use UDP, not > TCP).
Absolutely, this is in all Ipsec documentation I have seen. > I tried connecting with a direct connection to my cable modem, and realised > I was using the wrong ***�*"^+$** username - once I corrected this, things > moved a lot more swiftly! I got it running through Dachstein, gradually > tightening up the filter rules to the minimum required addresses/ports. I'm > not able to run an X-server to the machine in my office, but that may be a > 'feature' of the company set-up. I can telnet into company machines, and > get the Windows shared drives from the NT servers. Sounds like that could cause problems. ;-) > For the record, and for future reference, what was ultimately required was > as follows: > - Load ip_masq_ipsec module > - Add the following to /etc/network.conf: > EXTERN_UDP_PORT0="218.33.115.21/0 500 192.168.0.0/0" > and > EXTERN_PROTO0="50 218.33.115.21/0 192.168.0.0/0" > EXTERN_PROTO1="47 218.33.115.21/0 192.168.0.0/0" > > where 218.22.115.21 is the VPN server address, and 192.168.x.x the > addresses on my internal nework interface(s). Yep, this is well documented in the leaf-user archives and ipsec documentation EXCEPT for the protocol 47 (GRE) which is used exclusively for PPTP and has absolutely nothing to do with any IPSec implementation that I've ever heard of. More likely, The GRE protocol is being used by your PPPoE connection for login over the DSL connection....WAG> > Many thanks to all those who offered advice/encouragement, and happy > holidays to all! NP, glad it is working. I think you could have saved yourself a lot of time trouble by using a little more effort with the mailing-list archives..... everything but GRE (which probably has nothing to do with the VPN connection) is a common VPN FAQ. -- ~Lynn Avants Linux Embedded Firewall Project developer http://leaf.sourceforge.net ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
