Hi All,
I'm trying to get Microsoft VPN to work across my Masq gateway. The setup
is that I have a VPN client, inside the gateway and firewall (192.168.100.X)
that is trying to connect to an external VPN server. The VPN is Microsoft
pptp. I have read the "masq_vpn_howto" and I feel utterly stupid. I can't
quite figure out what it is trying to say. I have included an excerpt from
http://www.impsec.org/linux/masquerade/ip_masq_vpn.html for clarity. I am
running Redhat 7.0 (right out of the box) with kernel 2.2.16-22, at least
that's what my /boot/ says.
My questions are as follows:
Do I need to download the newer Kernel 2.2.17-14 from redhat?
If I do not use this new kernel, what patch do I need?
I tried applying ip_masq_vpn-RH2.16-2.patch.gz, but after applying I
typed Make modules_install and got an error (no make file). I'm guessing
that after I apply the patch, I have to run Make Menuconfig, then
make dep, make clean, make zimage... Is this right? Do I need to rebuild
the kernel after patching?
Is there an easier way?
Thanks
RedHat and Mandrake 2.2.x-series kernels
RedHat has included the VPN patch in kernels 2.2.16-8 and later. Drop by the
RedHat FTP site
<ftp://rawhide.redhat.com/pub/redhat/linux/updates/7.0/en/os/i386/> or a
RedHat mirror site <http://www.redhat.com/mirrors.html> and save yourself
some patching. Note that you may also have to update to a new version of RPM
as well.
If you're attempting to patch a kernel from a RedHat or Mandrake kernel
source RPM prior to 2.2.16-8, you will also need to apply the following
patch after applying the full VPN masq patch. This will fix an important
failed hunk. To apply this patch:
    cd /usr/src/linux/net/ipv4
    zcat patchfile.gz | patch -l -p0

2.2.12 and 2.2.13:
  HTTP Mirror 1 (USA: CA)
    <http://www.soleman.org/~jhardin/masquerade/ip_masq_vpn-RH2.12.patch.gz>
  HTTP Mirror 2 (USA: WA)
    <http://www.impsec.org/linux/masquerade/ip_masq_vpn-RH2.12.patch.gz>
  HTTP Mirror 3 (AU)
    <http://grebopple.accessunited.com.au/linux/masquerade/ip_masq_vpn-RH2.12.patch.gz>
  FTP Mirror 1 (USA: UT)
    <ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn-RH2.12.patch.gz>
  FTP Mirror 2 (EU: NL)
    <ftp://kanon.net/pub/jhardin/masquerade/ip_masq_vpn-RH2.12.patch.gz>

2.2.14 through 2.2.16-7:
  HTTP Mirror 1 (USA: WA)
    <http://www.impsec.org/linux/masquerade/ip_masq_vpn-RH2.14.patch.gz>
  HTTP Mirror 2 (AU)
    <http://grebopple.accessunited.com.au/linux/masquerade/ip_masq_vpn-RH2.14.patch.gz>
  FTP Mirror 1 (USA: UT)
    <ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn-RH2.14.patch.gz>
  FTP Mirror 2 (EU: NL)
    <ftp://kanon.net/pub/jhardin/masquerade/ip_masq_vpn-RH2.14.patch.gz>

The following patch is needed for the RedHat or Mandrake 2.2.16 kernel, or a
kernel which has had the VS-Masq (Virtual Server) patch applied. This
includes the kernel shipped with RedHat 7.0 - if you have RedHat 7.0 and you
are using the kernel that came with it, you do need this patch. The RedHat
2.2.17-14 update kernel includes this patch; I recommend you get that kernel
RPM from the FTP site rather than patching and rebuilding.
If verbose PPTP debugging shows a masquerade address (maddr) of 0.0.0.0 is
being used, or tcpdump on your Internet interface shows something like:
    08:32:26 0.0.0.0 > 1.2.3.4: ip-proto-50 108 (ttl 63, id 1)
...then you need to apply this patch. To apply this patch:
    cd /usr/src/linux/net/ipv4
    zcat patchfile.gz | patch -l -p0

2.2.16:
  HTTP Mirror 1 (USA: WA)
    <http://www.impsec.org/linux/masquerade/ip_masq_vpn-RH2.16-2.patch.gz>
  HTTP Mirror 2 (AU)
    <http://grebopple.accessunited.com.au/linux/masquerade/ip_masq_vpn-RH2.16-2.patch.gz>
  FTP Mirror 1 (USA: UT)
    <ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn-RH2.16-2.patch.gz>
  FTP Mirror 2 (EU: NL)
    <ftp://kanon.net/pub/jhardin/masquerade/ip_masq_vpn-RH2.16-2.patch.gz>

Don't forget to run "make modules_install" after patching and recompiling.
The VPN Masq patch was omitted from the first RedHat 2.2.19 kernel RPM due
to time constraints. It will be in the next one.
You may wish to download a plain kernel source tarball from a kernel.org
<http://www.kernel.org/> mirror site <http://www.kernel.org/mirrors/>
instead.
Carl Engstrom
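
The tcpdump symptom described in the quoted HOWTO excerpt (packets leaving the Internet interface with source 0.0.0.0), as an added example that is not part of the original post or the HOWTO: a shell check over saved `tcpdump -n` text output. The sample capture is constructed, the line layout is assumed to match the excerpt's, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: scan saved tcpdump text output for packets that left the
# Internet interface with source address 0.0.0.0.

# Constructed sample capture (not real traffic). Line layout follows the
# excerpt: "time src > dst: description". 203.0.113.10 stands in for the
# gateway's external address.
sample_capture() {
cat <<'EOF'
08:32:25 203.0.113.10 > 1.2.3.4: ip-proto-50 108 (ttl 63, id 7)
08:32:26 0.0.0.0 > 1.2.3.4: ip-proto-50 108 (ttl 63, id 1)
08:32:27 0.0.0.0 > 1.2.3.4: ip-proto-50 108 (ttl 63, id 2)
08:32:28 1.2.3.4 > 203.0.113.10: ip-proto-50 92 (ttl 52, id 9)
08:32:29 0.0.0.0 > 198.51.100.8: ip-proto-50 76 (ttl 63, id 3)
EOF
}

# Read tcpdump text on stdin and print "peer count" for every destination
# that received packets whose source address was 0.0.0.0.
zero_source_peers() {
    awk '$2 == "0.0.0.0" && $3 == ">" {
             dst = $4
             sub(/:$/, "", dst)      # drop the trailing colon after dst
             n[dst]++
         }
         END { for (d in n) print d, n[d] }' | LC_ALL=C sort
}

# Exit status 0 when the symptom is present in the capture on stdin,
# 1 when no packet with source 0.0.0.0 was seen.
has_zero_source() {
    [ -n "$(zero_source_peers)" ]
}

# Use capture files given as arguments, or the constructed sample if none.
if [ "$#" -gt 0 ]; then cat "$@"; else sample_capture; fi | zero_source_peers
```

A clean result only means the symptom was not seen in that capture; run the capture while the VPN client is actually trying to connect.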