[Masq] IP Masq and SunScreen SKIP

Thu, 27 May 1999 13:08:31 -0700 


I have veen seaarchin how-tos, FAQs, and various web sites for some
info, and have not been able to find anything.  My company is
currently using a program called SunScreen SKIP (from Sun) to
implement a VPN.  I have a Win9x client installed, which I want to use
to access our VPN from behind my linux box running IP Masq.  I have
not been successful in getting anything to work with this.  I have set
up sniffers on both sides of my linux masq box, and see IP protocol
0x39 (decimal 57) (SKIP) traffic coming into the box, but see nothing
except for DNS queries going out.  I started out with an old Slacware
install with a 2.0.36 kernel, and read that ipchains supports other
protocols besides TCP and UDP, so decided to give it a try, so I did a
Red Hat 6.0 install (nothing patched as of yet) to try this again, and
specified -p all on the commmand line, and see the same traffic again.

I dont know whether the actual VPN software will have problems with
NAT (I don't think that it will because it has its own NAT support
built in), however, I am not even able to get traffic out from my
machine.  Any advice would be useful.

Here is a diagram of my setup, for addition help:

Full IPs:

17.5 = 192.168.17.5
17.1 = 192.168.17.1
97.5 = xxx.yyy.97.5 (internet connected interface)


                 17.1   97.5
+--------+        +-------+         +---------+
| Win 95 | _______| Linux | ________| Solaris |
|  17.5  | -------|       | --------|  VPN GW |
+--------+   ^    +-------+    ^    +---------+
             |                 |
             |                 |
          IP 0x39           no traffic
          traffic




-- 
 +--------------------------------+-------------------------------+
 | In the stream of consciousness | Lines In The Sand, taken from |
 | There is a river crying        |        Dream Theater's        |
 | Living comes much easier       |     Falling Into Infinity     |
 | Once we admit  We're dying     |                               |
 +--------------------------------+-------------------------------+
                Michael Burstin: [EMAIL PROTECTED]
                  http://www.cs.brandeis.edu/~mikeb/
Coalition Against Unsolicited Commercial Email: http://www.cauce.org


_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]

Reply via email to