Hello there, I am not sure about this as I am unfamiliar with the aforementioned client, but have you tried compiling and insmodding all netfilter modules? Maybe this is a bit like NAT'ed ftp, where there are special modules needed for the server. You already mentioned you used force_udp_encapsulation; if you have not yet tried other UDP modules it might be worth a try.

greetings
Frederik

On 2002.05.29 02:56:37 +0200 brien mac wrote:
> hello all... :)
>
> i currently have a small home network (five nodes) in which a slackware 8
> box is NAT'ing the internal network using iptables 1.2.6a.
>
> my roommate's employer has provided him with a DSL connection which
> permits him to work from home. however, in order to access the corporate
> network securely, he must authenticate himself using SecuRemote 4.1
> (SP-1). in order for me to also be able to use this DSL, for free ;), he
> needs to be able to access the network.
>
> a packet analysis revealed that UDP 259 was needed for authentication. i
> configured Netfilter to accept FORWARD outbound UDP 259 traffic in state
> NEW and ESTABLISHED and to accept FORWARD inbound UDP 259 traffic in
> state ESTABLISHED. i read the article on
> http://lists.samba.org/pipermail/netfilter/2002-February/019769.html and
> added "force_udp_encapsulation (true)" to the userc.c file. before doing
> this, authentication between the client and gateway was unsuccessful; the
> authentication process, according to the SecuRemote client, is now
> successful.
>
> the problem i'm having occurs when my roommate uses an application, called
> Accessory Manager, to access the corporate network. another packet
> analysis revealed that my roommate's computer was attempting to transmit
> data to the VPN gateway using protocol 94, which i found, through further
> research, to be ip in ip (IPIP).
>
> outbound requests were made by my roommate's computer, but no responses
> were received from the VPN gateway. in addition, my firewall's logs did
> not report any denied packets for inbound or outbound data transmission.
> this leads me to believe that the packets were not even being forwarded,
> perhaps because of IPIP.
>
> i recompiled my linux kernel with IP Encapsulation support and tried
> again... this time authentication was unsuccessful. so, i'm wondering,
> what am i doing correctly and what am i doing incorrectly?
>
> any related links/advice/suggestions are welcomed and appreciated :)
>
> thanks for your time,
>
> Brien - a.k.a VPN newbie