Hello,

Does your script support IPSec?  I have port UDP 500,2746 open, port 0/0(50)
open for IPSec traffic.  What is happening on the client is that the connection
is established and the login succeeds, but the tunnel fails to open.  If I
connect the client directly to my cable modem, it works, so I at least know
that the client config is set up correctly.

Behind the firewall, using Ethereal I can see the key exchange occur
(ISAKMP), but what I don't see is the ESP traffic exchange.  Do you have any
suggestions?  I have read that using iptables, one client behind a firewall
can use a VPN connection.  According to PhoneBoy, he recommends the
following iptables commands (which I have tried, but they do not work).

    * fw1-ip is the external IP of your firewall
    * linux-ip is the IP of your Linux host

 # iptables chain names are case-sensitive: INPUT and FORWARD, not input/forward
 # (the lowercase names are the ipchains spelling and make iptables fail).
 # UDP 500 = ISAKMP/IKE key exchange, UDP 2746 = Check Point's UDP encapsulation,
 # protocol 50 = ESP (the encrypted tunnel traffic itself; ESP carries no ports).
 /usr/sbin/iptables -A INPUT   -s linux-ip -d fw1-ip   -p udp --dport 500  -j ACCEPT
 /usr/sbin/iptables -A INPUT   -s linux-ip -d fw1-ip   -p 50               -j ACCEPT
 /usr/sbin/iptables -A INPUT   -s fw1-ip   -d linux-ip -p udp --dport 500  -j ACCEPT
 /usr/sbin/iptables -A INPUT   -s fw1-ip   -d linux-ip -p udp --dport 2746 -j ACCEPT
 /usr/sbin/iptables -A INPUT   -s fw1-ip   -d linux-ip -p 50               -j ACCEPT
 # Only the client -> firewall direction is accepted in FORWARD here.
 /usr/sbin/iptables -A FORWARD -s linux-ip -d fw1-ip   -j ACCEPT
 # ext_if is the external interface; MASQUERADE rewrites source addresses (and
 # ports, for UDP) on the way out.
 /usr/sbin/iptables -t nat     -A POSTROUTING -o ext_if -j MASQUERADE

Are there any kernel config changes needed?  I have been looking for doco on
the net for 2.4, but everything I have read says that IPSec should work with
the standard kernel.

TIA for any suggestions.
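The symptom described above (ISAKMP visible in both directions, no ESP exchange) is easiest to pin down by counting each protocol per direction in a capture. The following is an added example, not code from the original message or from PhoneBoy; it parses tcpdump-style lines (a constructed sample with hypothetical addresses, not from the post) and reports which leg is missing: no ISAKMP reply, no ESP leaving the client, or ESP leaving but none returning. ESP (IP protocol 50) has no port numbers, so a plain port-based filter or a per-port NAT mapping cannot match the return traffic; that is the case the last diagnosis points at.

```python
"""Triage an IPsec-through-firewall capture: tally ISAKMP (UDP 500),
UDP 2746 and ESP (IP protocol 50) per direction and name the missing leg."""
import re
from collections import Counter

# Constructed sample capture in tcpdump's text format; addresses are hypothetical.
CLIENT = "192.168.1.10"       # the VPN client behind the firewall
FW1 = "198.51.100.20"         # the remote VPN gateway
SAMPLE_CAPTURE = """\
12:00:01.000 IP 192.168.1.10.500 > 198.51.100.20.500: isakmp: phase 1 I ident
12:00:01.050 IP 198.51.100.20.500 > 192.168.1.10.500: isakmp: phase 1 R ident
12:00:01.100 IP 192.168.1.10.500 > 198.51.100.20.500: isakmp: phase 2/others I oakley-quick
12:00:01.150 IP 198.51.100.20.500 > 192.168.1.10.500: isakmp: phase 2/others R oakley-quick
12:00:02.000 IP 192.168.1.10 > 198.51.100.20: ESP(spi=0x0000abcd,seq=0x1)
12:00:02.100 IP 192.168.1.10 > 198.51.100.20: ESP(spi=0x0000abcd,seq=0x2)
"""

# src[.port] > dst[.port]: rest   (UDP lines carry ports, ESP lines do not)
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?: (?P<rest>.*)"
)


def classify(line):
    """Return (kind, src, dst) for an IPsec-related line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rest = m.group("rest")
    ports = {m.group("sport"), m.group("dport")}
    if rest.startswith("ESP("):
        kind = "esp"
    elif "isakmp" in rest:
        kind = "isakmp"
    elif "2746" in ports:
        kind = "udp2746"
    else:
        return None
    return kind, m.group("src"), m.group("dst")


def tally(capture, client, peer):
    """Count packets of each kind in each direction between client and peer."""
    counts = Counter()
    for line in capture.splitlines():
        parsed = classify(line)
        if parsed is None:
            continue
        kind, src, dst = parsed
        if src == client and dst == peer:
            counts[(kind, "out")] += 1
        elif src == peer and dst == client:
            counts[(kind, "in")] += 1
    return counts


def diagnose(counts):
    """Map the per-direction tallies to the first missing leg of the tunnel."""
    if counts[("isakmp", "out")] == 0:
        return "no-isakmp-sent"          # client never started IKE
    if counts[("isakmp", "in")] == 0:
        return "no-isakmp-reply"         # UDP 500 blocked on the way back
    if counts[("esp", "out")] == 0:
        return "no-esp-sent"             # IKE done, client never sends ESP
    if counts[("esp", "in")] == 0:
        return "esp-return-missing"      # ESP goes out, none comes back:
                                         # protocol 50 not accepted/NAT'd inbound
    return "tunnel-traffic-both-ways"


if __name__ == "__main__":
    c = tally(SAMPLE_CAPTURE, CLIENT, FW1)
    print(dict(c))
    print(diagnose(c))
```

Run it against a real `tcpdump -n` listing taken on the firewall's external interface to see which direction is dropped; for the sample above it reports `esp-return-missing`, the situation in which the key exchange completes but the gateway's ESP packets never reach the client.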
