/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */



Justin,

To get SecuRemote running, you MUST connect to a Firewall-1 v4.x 
server with VPN checksum DISABLED.

The reason for this is that the client software sees your internal
IP address and calculates a checksum with it WITHIN the VPN packet.
When the VPN server receives the packet with the re-addressed source
address (MASQed), the checksum won't match and the packet is then 
dropped.

By disabling this checksum option in the VPN server (only available
in version 4+), it will then ignore the changed IP address.

--David



>  I'm attempting to run SecuRemote VPN software on a Windows workstation
>that's behind a Linux firewall.  Problem here is that the SecuRemote client
>software wants to use IP-in-IP packets (protocol 94), which the Linux
>firewall can't masquerade.
>
>  My internal Windows workstation is IP 10.10.1.113, so plain routing
>doesn't help.  I was wondering if anyone's had success using SecuRemote
>in a similar setup or if anyone has written a masquerading module for
>linux that handles protocol 94.

.----------------------------------------------------------------------------.
|  David A. Ranch - Linux/Networking/PC hardware         [EMAIL PROTECTED]  |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'


_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
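
The failure described in the reply above can be reproduced with a small model. This is an added example, not code from the original post or from Check Point: HMAC-SHA256 stands in for the real checksum (the page does not describe the algorithm), and the key, the masqueraded address, the gateway address and all function names are constructed for illustration.

```python
"""Model of an address-bound checksum crossing a masquerading (NAT) hop."""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, replace

KEY = b"constructed-demo-key"   # constructed; stands in for the VPN session key
CLIENT_IP = "10.10.1.113"       # internal workstation address from the thread
MASQ_IP = "203.0.113.7"         # constructed public address of the Linux firewall
GATEWAY_IP = "198.51.100.10"    # constructed VPN gateway address


@dataclass(frozen=True)
class Packet:
    src: str          # outer source address, rewritten by masquerading
    dst: str
    payload: bytes    # encapsulated data
    checksum: bytes   # computed by the client, carried inside the VPN packet


def checksum(src: str, payload: bytes) -> bytes:
    # HMAC-SHA256 is a stand-in; the page does not describe the real algorithm.
    msg = ipaddress.ip_address(src).packed + payload
    return hmac.new(KEY, msg, hashlib.sha256).digest()


def client_send(payload: bytes) -> Packet:
    # The client only knows its internal address, so that is what it binds.
    return Packet(CLIENT_IP, GATEWAY_IP, payload, checksum(CLIENT_IP, payload))


def masquerade(pkt: Packet) -> Packet:
    # The firewall rewrites the outer source but cannot fix the inner checksum.
    return replace(pkt, src=MASQ_IP)


def gateway_accepts(pkt: Packet, verify_checksum: bool = True) -> bool:
    if not verify_checksum:     # option disabled: the changed address is ignored
        return True
    # Recompute over the source address the gateway actually sees.
    return hmac.compare_digest(pkt.checksum, checksum(pkt.src, pkt.payload))


if __name__ == "__main__":
    direct = client_send(b"hello")
    natted = masquerade(direct)
    print("direct, check on :", gateway_accepts(direct))
    print("MASQed, check on :", gateway_accepts(natted))
    print("MASQed, check off:", gateway_accepts(natted, verify_checksum=False))
```

In this model, turning the check off also means the gateway no longer ties a packet to the address the client claimed, so that decision belongs to whoever administers the VPN server.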
