Thanks Rich! I'll give this a go when I get home this evening, and let you know how it goes. Does the ip_masq_ipsec.o module handle the port forwarding that I'm guessing is necessary for the UDP port 500 stuff?
Also, if it isn't too much trouble, would you mind sharing with me your rules that allow UDP port 500 and protocol 50? I'm thinking my syntax is messed up. Thanks again Rich... Chris Hackett -----Original Message----- From: Richard Burt [mailto:[EMAIL PROTECTED]] Sent: Monday, October 01, 2001 3:37 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Leaf-user] Masqueraded IPSec Client I have this setup working. Going from memory, you will need the vpn kernel from Charles' site like the former post mentioned. After copying that kernel to the floppy, you will need to replace all your modules. The modules the floppy are not compatable with the vpn kernel. While you are downloading those, get the ip_masq_ipsec module. Copy that to the floppy and also tell it to load in the modules section. Then make 2 new firewall rules. One to allow udp port 500 and one to allow protocol 50. No other forwarding rules are necessary. Rich Burt >On Mon, 1 Oct 2001, Chris Hackett wrote: >>Hello All, >> >>I'm guessing that my last post, titled "IPSec, LRP, FreeS/WAN, RedCreek >>Personal Ravlin" was too long and had too much information in it, since I >>haven't gotten any response. I think I'll try and get right to it. >> >>Can anyone help me figure out how to configure my LRP box (EigerBeta2) to >>allow IPSec traffic through it? I don't want to establish the IPSec tunnel >>on the box, but I want the box to allow the tunnel through it. >All I know is you need to use an IPSec-masqing-enabled kernel, for example >from Charles' kernel archives. You may find additional useful information >here: http://jixen.tripod.com/#NATed gateways. _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
