hello all... :)

I currently have a small home network (five nodes) in which a Slackware 8 box is 
NAT'ing the internal network using iptables 1.2.6a.

My roommate's employer has provided him with a DSL connection which permits him to work 
from home. However, in order to access the corporate network securely, he must 
authenticate himself using SecuRemote 4.1 (SP-1). In order for me to also be able to 
use this DSL, for free ;), he needs to be able to access the network.

A packet analysis revealed that UDP 259 was needed for authentication. I configured 
Netfilter to accept FORWARD outbound UDP 259 traffic in state NEW and ESTABLISHED and 
to accept FORWARD inbound UDP 259 traffic in state ESTABLISHED. I read the article at 
http://lists.samba.org/pipermail/netfilter/2002-February/019769.html and added 
"force_udp_encapsulation (true)" to the userc.c file. Before doing this, 
authentication between the client and gateway was unsuccessful; the authentication 
process, according to the SecuRemote client, is now successful.

The problem I'm having occurs when my roommate uses an application called Accessory 
Manager to access the corporate network. Another packet analysis revealed that my 
roommate's computer was attempting to transmit data to the VPN gateway using protocol 
94, which I found through further research to be IP in IP (IPIP).

Outbound requests were made by my roommate's computer, but no responses were received 
from the VPN gateway. In addition, my firewall's logs did not report any denied 
packets for inbound or outbound data transmission. This leads me to believe that the 
packets were not even being forwarded, perhaps because of IPIP.

I recompiled my Linux kernel with IP Encapsulation support and tried again... this 
time authentication was unsuccessful. So, I'm wondering, what am I doing correctly and 
what am I doing incorrectly?

Any related links/advice/suggestions are welcomed and appreciated :)

Thanks for your time,

Brien - a.k.a VPN newbie
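As an added example (not part of Brien's post, and not a Check Point or Netfilter-supplied script), the FORWARD rules described above, written out for iptables 1.2.x, with the IP protocol 94 traffic the second capture showed added alongside the UDP 259 rules. Interface names, the client address and the gateway address are assumptions. Two points worth noting when reading it: protocol 94 has no port numbers, so it is matched by source and destination address rather than by port, and the NAT box only needs to forward those packets, it does not need IP-in-IP tunnel support in its own kernel for that. The script defaults to a dry run that prints the commands; set IPT=iptables to apply them.

```shell
#!/bin/sh
# Added example: FORWARD rules for one SecuRemote client behind a Linux NAT box.
# Interface names, client and gateway addresses below are assumptions, not
# values from the post.  IPT defaults to a dry run; set IPT=iptables to apply.

IPT="${IPT:-echo iptables}"

# securemote_forward_rules LAN_IF WAN_IF CLIENT_IP GATEWAY_IP
# Emits, in order:
#  1. UDP 259 client -> gateway, NEW or ESTABLISHED (authentication request)
#  2. UDP 259 gateway -> client, ESTABLISHED only (authentication reply)
#  3. IP protocol 94 client -> gateway (what the second capture showed)
#  4. IP protocol 94 gateway -> client
#  5. LOG, then 6. DROP, for anything else between the two hosts, so that a
#     packet that does not match the rules above shows up in the logs instead
#     of disappearing silently.
securemote_forward_rules() {
  lan_if=$1; wan_if=$2; client=$3; gw=$4

  $IPT -A FORWARD -i "$lan_if" -o "$wan_if" -s "$client" -d "$gw" \
       -p udp --dport 259 -m state --state NEW,ESTABLISHED -j ACCEPT
  $IPT -A FORWARD -i "$wan_if" -o "$lan_if" -s "$gw" -d "$client" \
       -p udp --sport 259 -m state --state ESTABLISHED -j ACCEPT

  # Protocol 94 carries no ports, so match on the address pair only.
  $IPT -A FORWARD -i "$lan_if" -o "$wan_if" -s "$client" -d "$gw" \
       -p 94 -j ACCEPT
  $IPT -A FORWARD -i "$wan_if" -o "$lan_if" -s "$gw" -d "$client" \
       -p 94 -j ACCEPT

  # Make any other client<->gateway packet visible before dropping it.
  $IPT -A FORWARD -s "$client" -d "$gw" -j LOG --log-prefix "FWD-DROP: "
  $IPT -A FORWARD -s "$client" -d "$gw" -j DROP
}

# Example invocation (assumed values): LAN on eth1, DSL on eth0,
# client 192.168.1.10, VPN gateway 203.0.113.5.
securemote_forward_rules eth1 eth0 192.168.1.10 203.0.113.5
```

Run it once as-is to review the six commands it would issue, then rerun with `IPT=iptables` as root to load them. Insert the rules ahead of any catch-all DROP already in the FORWARD chain, otherwise they are never reached.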