hello all... :) i currently have a small home network (five nodes) in which a slackware 8 box is NAT'ing the internal network using iptables 1.2.6a.

my roommate's employer has provided him with a DSL connection which permits him to work from home. however, in order to access the corporate network securely, he must authenticate himself using SecuRemote 4.1 (SP-1). in order for me to also be able to use this DSL, for free ;), he needs to be able to access the network.

a packet analysis revealed that UDP 259 was needed for authentication. i configured Netfilter to accept FORWARD outbound UDP 259 traffic in state NEW and ESTABLISHED and to accept FORWARD inbound UDP 259 traffic in state ESTABLISHED. i read the article on http://lists.samba.org/pipermail/netfilter/2002-February/019769.html and added "force_udp_encapsulation (true)" to the userc.c file. before doing this, authentication between the client and gateway was unsuccessful; the authentication process, according to the SecuRemote client, is now successful.

the problem i'm having occurs when my roommate uses an application, called Accessory Manager, to access the corporate network. another packet analysis revealed that my roommate's computer was attempting to transmit data to the VPN gateway using protocol 94, which i found, through further research, to be ip in ip (IPIP). outbound requests were made by my roommate's computer, but no responses were received from the VPN gateway. in addition, my firewall's logs did not report any denied packets for inbound or outbound data transmission. this leads me to believe that the packets were not even being forwarded, perhaps because of IPIP. i recompiled my linux kernel with IP Encapsulation support and tried again... this time authentication was unsuccessful.

so, i'm wondering, what am i doing correctly and what am i doing incorrectly? any related links/advice/suggestions are welcomed and appreciated :)

thanks for your time,
Brien - a.k.a VPN newbie
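The UDP 259 rules described in the post, written out together with non-terminating LOG rules that show where the protocol 94 packets stop. This is an added example, not part of the original post; the interface names (eth0 external, eth1 internal), the function name and the log prefixes are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Dry run by default: prints the
# iptables commands. Run as root with IPT=iptables to apply them.
EXT_IF="${EXT_IF:-eth0}"      # assumed DSL-facing interface
INT_IF="${INT_IF:-eth1}"      # assumed LAN-facing interface
IPT="${IPT:-echo iptables}"

securemote_rules() {
    # Authentication traffic as described in the post:
    # outbound UDP 259 in state NEW and ESTABLISHED ...
    $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -p udp --dport 259 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    # ... inbound UDP 259 in state ESTABLISHED only.
    $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p udp --sport 259 \
        -m state --state ESTABLISHED -j ACCEPT

    # Diagnostics for the protocol 94 traffic. LOG is non-terminating, so
    # these change no verdict; -I ... 1 puts them ahead of existing rules.
    # 1) Does a protocol 94 packet arrive from the DSL side at all?
    $IPT -t mangle -I PREROUTING 1 -i "$EXT_IF" -p 94 \
        -j LOG --log-prefix "proto94-arrive: "
    # 2) Client packets entering FORWARD toward the gateway.
    $IPT -I FORWARD 1 -i "$INT_IF" -o "$EXT_IF" -p 94 \
        -j LOG --log-prefix "proto94-fwd-out: "
    # 3) Replies that survived reverse NAT and are headed to the client.
    $IPT -I FORWARD 1 -i "$EXT_IF" -o "$INT_IF" -p 94 \
        -j LOG --log-prefix "proto94-fwd-in: "
}

securemote_rules
```

If proto94-fwd-out lines appear in the kernel log but proto94-arrive never does, the replies are not reaching the firewall; if proto94-arrive appears without proto94-fwd-in, they are being lost on the firewall itself.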