* Multiple VPN clients
@ 2003-02-03 19:26 Jimmy
From: Jimmy @ 2003-02-03 19:26 UTC (permalink / raw)
To: netfilter
Hello,
I have a situation that I have been struggling with for a few days now.
I don't want to write a 10 page e-mail, so I will try to summarize the
important points and hope someone can clarify this for me. :)
In a nutshell: I need to allow multiple IPSec VPN clients from behind
my iptables firewall to connect to a single VPN server on the Internet.
Firewall: Redhat 7.3 kernel 2.4.18-18.7.x and iptables v1.2.5.
Clients: win98/2000 with the Nortel Connectivity VPN client V04_15.06
#1 is this possible? (According to the docs IP masq and VPN masq, I
think it is, unless I am misreading something somewhere)
From what I understand, all I need is to have the firewall set up to
masquerade and allow ESP, AH and UDP port 500 traffic. (I included the
relevant rules at the end of this e-mail) This all works great with
_one_ connection. As soon as a second ipsec client is launched, it does
not work.
I keep reading I have to patch the kernel for this, but I cannot find an
IPSec patch for the 2.4 kernel anywhere. (Is this what I am missing?)
The docs I have run through are:
Linux VPN Masquerade:
http://www.impsec.org/linux/masquerade/ip_masq_vpn.html
IP Masquerade HOWTO from
http://ipmasq.webhop.net
Linux VPN Masquerade HOWTO:
http://www.impsec.org/linux/masquerade/VPN-howto/VPN-Masquerade.html
And I have googled to my wits end... :)
I don't know if there is a small point escaping me, or if this is a big
deal and I am just plain blind.
If someone has an idea what I might be missing here, I would really
appreciate any input.
Here are the iptables rules I think relevant. (I set up a bunch of
logging options, and I know these rules are working because of the first
connection. Yes, my real rules are more secure, this is just the parts I
think relevant to my situation, then again I may be wrong)
#! /bin/bash
FILTER=/sbin/iptables
EXTINT=eth0   # external interface; not defined in the posted excerpt, eth0 assumed
echo "1" > /proc/sys/net/ipv4/ip_forward
# Masquerade everything leaving on the external interface
$FILTER -t nat -A POSTROUTING -o $EXTINT -j MASQUERADE
# Let the IPSec protocols and IKE (UDP 500) through the forwarding chain
$FILTER -A FORWARD -p esp -j ACCEPT
$FILTER -A FORWARD -p ah -j ACCEPT
$FILTER -A FORWARD -p udp --dport 500 -j ACCEPT
I hope someone can enlighten me. :)
Thank you,
Jimmy
--
Jimmy <jimmy@v2k.ca>
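The failure the message above describes, modelled as an added example (this is not code from the thread, nor from the netfilter project or the VPN masquerade pages it links): a toy masquerader that keys its reverse table the way a port-based NAT does, beside a variant that keys ESP replies on the SPI, which is the approach the VPN masquerade patches take. Addresses, SPIs, the Packet/Masquerader names and the attribution heuristic are all constructed for illustration; the real 2.4 conntrack/NAT code differs in detail.

```python
"""Toy model of masquerading IKE (UDP 500) and ESP for several LAN clients.

Constructed example: addresses, SPIs and the attribution heuristic are made
up, and the model is a simplification of what the 2.4 NAT code does.
"""
from dataclasses import dataclass
from typing import Optional

FW_PUBLIC = "203.0.113.1"  # constructed: the firewall's external address


@dataclass(frozen=True)
class Packet:
    proto: str                    # "udp" or "esp"
    src: str
    dst: str
    sport: Optional[int] = None   # UDP only
    dport: Optional[int] = None   # UDP only
    spi: Optional[int] = None     # ESP only


class Masquerader:
    def __init__(self, spi_aware: bool = False):
        self.spi_aware = spi_aware
        self.next_port = 61000
        self.udp_out = {}   # (client, sport) -> public source port
        self.udp_in = {}    # public source port -> client
        self.esp_in = {}    # reverse key -> client
        self.pending = []   # clients with ESP out but no reply seen yet (SPI mode)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite a packet leaving the LAN; None means the NAT dropped it."""
        if pkt.proto == "udp":
            # UDP carries a source port, so each client gets its own public port
            key = (pkt.src, pkt.sport)
            if key not in self.udp_out:
                self.udp_out[key] = self.next_port
                self.udp_in[self.next_port] = pkt.src
                self.next_port += 1
            return Packet("udp", FW_PUBLIC, pkt.dst, self.udp_out[key], pkt.dport)
        if pkt.proto == "esp":
            if not self.spi_aware:
                # Port-less protocol: the only reverse key available is
                # (proto, server), and it can belong to one client at a time.
                key = (pkt.dst,)
                owner = self.esp_in.setdefault(key, pkt.src)
                if owner != pkt.src:
                    return None  # second client to the same server: no unique mapping
            elif pkt.src not in self.pending and pkt.src not in self.esp_in.values():
                self.pending.append(pkt.src)
            return Packet("esp", FW_PUBLIC, pkt.dst, spi=pkt.spi)
        raise ValueError(f"unsupported protocol {pkt.proto}")

    def inbound(self, pkt: Packet) -> Optional[str]:
        """Find the LAN host a reply belongs to; None means it cannot be delivered."""
        if pkt.proto == "udp":
            return self.udp_in.get(pkt.dport)
        if pkt.proto == "esp":
            if not self.spi_aware:
                return self.esp_in.get((pkt.src,))
            # SPI-aware mode: the server's reply SPI identifies the SA, so it can
            # key the table. The SA owner is guessed as the oldest client still
            # waiting for a reply (a heuristic; it can misattribute if replies
            # to two clients interleave).
            key = (pkt.src, pkt.spi)
            if key not in self.esp_in:
                if not self.pending:
                    return None
                self.esp_in[key] = self.pending.pop(0)
            return self.esp_in[key]
        raise ValueError(f"unsupported protocol {pkt.proto}")


def run_scenario(spi_aware: bool) -> dict:
    """Two LAN clients each do IKE then ESP to one server; report what got back."""
    nat = Masquerader(spi_aware)
    server = "198.51.100.10"  # constructed VPN server address
    clients = (("192.168.1.10", 0x1001, 0xA001), ("192.168.1.11", 0x1002, 0xA002))
    results = {}
    for client, out_spi, in_spi in clients:
        ike = nat.outbound(Packet("udp", client, server, 500, 500))
        ike_reply_to = nat.inbound(Packet("udp", server, FW_PUBLIC, 500, ike.sport))
        esp = nat.outbound(Packet("esp", client, server, spi=out_spi))
        esp_reply_to = None
        if esp is not None:
            esp_reply_to = nat.inbound(Packet("esp", server, FW_PUBLIC, spi=in_spi))
        results[client] = (ike_reply_to == client, esp_reply_to == client)
    return results


if __name__ == "__main__":
    for mode in (False, True):
        print("spi_aware" if mode else "stock    ", run_scenario(mode))
```

Running it shows the pattern from the message: with a port-based masquerader the first client's IKE and ESP both come back, the second client's IKE comes back but its ESP has nowhere to go, while the SPI-keyed variant delivers both. The UDP half of the model is optimistic, since the masquerader rewrites the IKE source port and some IKE implementations of the period insisted on port 500 at both ends, which is a separate reason a second client behind the same NAT could fail.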
* Re: Multiple VPN clients
From: Michiel Brandenburg @ 2003-02-04 0:50 UTC (permalink / raw)
To: netfilter
> I keep reading I have to patch the kernel for this, but I cannot find an
> IPSec patch for the 2.4 kernel anywhere. (Is this what I am missing?)
Currently running (and firewalling) Linux 2.4.20 with FreeSWAN patch
(ipsec) which you can get at www.freeswan.org
--
Best regards,
Michiel
* RE: Multiple VPN clients
From: Storm D. J. Petersen @ 2003-02-04 1:10 UTC (permalink / raw)
To: jimmy; +Cc: Netfilter@Lists.Netfilter.Org
Hi!
I'm also having trouble with this. If someone sends you some hints via
direct email, can you post it public?
Thanks,
S.
-----Original Message-----
Subject: Multiple VPN clients
From: Jimmy <jimmy@v2k.ca>
To: netfilter@lists.netfilter.org
Organization:
Date: 03 Feb 2003 14:26:11 -0500