Thanks for the info!
I looked through the document that you provided the link for and it
tells me to do essentially what you stated below (opening the firewall
and port forwarding), the only thing is... It does not really go into
HOW to do it. It stated editing the "/etc/ipsec.conf", but is this a
file I need to ADD or is this somewhere in the configuration menu of the
CD Distro? Where on the CD do I need to place this file
("\lib\modules\net")??? Do I need the "ipsec.o" module as stated below
or the "ip_masq_ipsec.o" as stated in the documentation?
Thanks!
Dennis
-----Original Message-----
From: Lynn Avants [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 27, 2002 10:33 PM
To: Dennis Christilaw
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] VPN/Port Mapping...
On Thursday 26 December 2002 09:21 am, you wrote:
> I want to VPN out to my work using a client running Windows XP Pro and
> Nortel Extranet Client. Before going the LRP box, I was running an
> application in Windows called WinRoute Pro, and all I did was map the
> following ports to get VPN working on the client. The WinRoute Pro
> machine was NOT the machine I was VPN-ing from. All this on a DSL
> Connection.
That's fine, other than Dachstein blocks the ports/protocols being used.
What your portmapper is doing is a standard IPsec setup, and all documents
including the one (not finished) I wrote at:
http://leaf.sourceforge.net/devel/guitarlynn/ipsec.txt
> Create mapped port for ESP:
> Protocol: Other 50
> Listen IP: <unspecified>
> Destination IP: the private IP address of the client PC
Open the firewall for protocol 50.
> IKE port mapping:
> Protocol: UDP
> Listen IP: <Unspecified>
> Listen port: 500
> Destination IP: the private IP address of the client PC
> Destination port: 500
Open and port_forward udp port 500.
> Now, the Windows Client has a static IP of 192.168.1.25 and can get out
> to the Internet.
This would be the destination of the port_forward(s).
> Now, do I really need to load all the IPSec modules? I would think that
> port mapping would be sufficient.
Yes, you will, to pass the connection through the firewall. There is only
one ipsec.o module to load.
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
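
The two steps described in the reply above (open the firewall for protocol 50, open and forward UDP port 500 to the client), as an added example that is not part of the original thread and is not LEAF's own configuration. It assumes a gateway that uses iptables; the function names, `eth0` and the gateway address 203.0.113.10 are constructed placeholders, and only 192.168.1.25 comes from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables rules that pass IPsec
# (ESP = IP protocol 50, IKE = UDP 500) through a NAT gateway to one client.
# Nothing is applied; review the output, then pipe it to sh as root.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ipsec_passthrough_rules EXT_IF CLIENT_IP [PEER]
# PEER is the remote VPN gateway; the default 0.0.0.0/0 accepts any source,
# so pass the real gateway address when it is known.
ipsec_passthrough_rules() {
    ext_if=$1 client=$2 peer=${3:-0.0.0.0/0}
    case "$ext_if" in
        ""|*[!A-Za-z0-9._-]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    valid_ipv4 "$client" || { echo "bad client IP: $client" >&2; return 1; }
    if [ "$peer" != "0.0.0.0/0" ]; then
        valid_ipv4 "$peer" || { echo "bad peer IP: $peer" >&2; return 1; }
    fi
    cat <<EOF
iptables -t nat -A PREROUTING -i $ext_if -s $peer -p udp --dport 500 -j DNAT --to-destination $client:500
iptables -t nat -A PREROUTING -i $ext_if -s $peer -p 50 -j DNAT --to-destination $client
iptables -A FORWARD -i $ext_if -s $peer -d $client -p udp --dport 500 -j ACCEPT
iptables -A FORWARD -i $ext_if -s $peer -d $client -p 50 -j ACCEPT
EOF
}

# Client 192.168.1.25 is from the thread; eth0 and 203.0.113.10 are
# constructed placeholders for the external interface and the VPN gateway.
ipsec_passthrough_rules eth0 192.168.1.25 203.0.113.10
```

ESP has no port numbers, so a plain NAT gateway can forward it to only one internal client at a time, which is why both rules name a single destination.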
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html