DOH. Forgot a small piece: as Charles pointed out, in
order to get VPN passthru to work, you need to uncomment the
ip_masq_ipsec line in your /etc/modules file, back up the changes,
and reboot. Since you're running Dachstein, you don't need to
upgrade the kernel or anything too tricky.
Good luck!
-Scott
On Mon, 14 Jan 2002, Scott C. Best wrote:
> Eric:
> Heya. My wife connects to her corporate VPN server in very
> much the same way. Yes, it's true: I keep echoWall well-maintained
> because she makes me. :)
> Give echowall.lrp a try. I do not think you need to install
> ipsec.lrp into your firewall: that will connect your entire home
> LAN into the corporate LAN and you probably want just one machine.
> That is, if you put ipsec.lrp onto your firewall, all of your home
> machines' requests to the Internet will "emerge" from behind your
> company's firewall. If you simply connect your one machine, though,
> your other machines will be unaffected.
>
> I refer to this easier mode of IPSec usage as "VPN passthru",
> and I'm fairly confident your IT group at work will support it. Most
> home users have some "DSL router" appliance, like a LinkSys box, on
> their broadband connection, and the low-end boxes don't support the
> more complicated "VPN endpoint" mode. So, give echowall.lrp a try,
> and see if it flies for you. You'll notice in the .conf file that
> IPSec is already in the WANTED_SERVICES list. Yes, really, blame my
> wife for that one. :)
>
> cheers,
> Scott
>
> > First, let me apologize if I get any (or all!) of the technical jargon
> > here confused, backwards, or just plain wrong.
> >
> > Second, let me describe my situation. I am using a Pentium 133MHz with
> > 16MB RAM to run Dachstein 1.0.2 to share my internet connection among
> > the numerous computers in my house. The router runs a DHCP server for
> > the computers on my internal network and runs a DHCP client to connect
> > with my ISP, but this is just for convenience as my ISP provides me with
> > a static IP. The computers (Win98, Win2k, and WinXP) on my internal
> > network all work flawlessly through the router for "normal" internet
> > access.
> >
> > My company provides access to its network over the Internet in the form
> > of a VPN (operated by a Windows 2000 Server, I believe). I connect to
> > this VPN using Windows 2000 Professional. All worked fine connecting to
> > the VPN through my home router until my company began using L2TP/IPsec
> > for the VPN connections. Now, I get no response from the company VPN
> > server when trying to connect. (Note, however, that I *can* connect
> > just fine when my computer is connected directly to my ISP, i.e. without
> > the interference of my LRP box. So my sense is that there are no
> > configuration problems on the client computer, but rather something
> > wrong with my LRP configuration.)
> >
> > Third, I know very little about Linux -- largely because I lack
> > experience -- but I was wondering if someone might point me in the right
> > direction on this problem. As an additional bit of information, a guy
> > in the IS department informed me that UDP ports 500 and 1701 would be
> > involved in the solution, but I am not certain how to act on this
> > information in configuring my router.
> >
> > I have begun to look at the ipsec.lrp package available for Dachstein,
> > but I have not been able to use it to solve my problems. I do not know,
> > however, if this is a fault in my configuration of the package or if the
> > package does not support Level 2 Tunneling (L2TP).
> >
> > If anyone has some experience in a similar situation or would be willing
> > to help a poor old guy trying to get his LRP box to work again, I would
> > much appreciate it.
> >
> > Thanks,
> > Eric Friedman
> >
> >
> > P.S. Please note as well that while I am currently running Dachstein off
> > of a single floppy, I also have access to a CD or additional floppy
> > drive that I could install in the router box. So do not worry about
> > offering solutions that may require more space than is available on a
> > single floppy: I just want something that will work.
>
>
>
_______________________________________________
Leaf-user mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-user
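
Added example, not part of the thread and not LEAF project code: a shell check for the /etc/modules step described in the first message, reporting whether the ip_masq_ipsec entry is enabled, commented out or absent, and uncommenting it while keeping a copy of the file. The function names, the `.orig` suffix and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: inspect and enable a module entry in a modules file.
# Function names are hypothetical; only ip_masq_ipsec and /etc/modules
# come from the message above.

# modules_state FILE MODULE -> prints enabled | commented | missing
modules_state() {
    file=$1 mod=$2
    # An active entry starts the line (optional indent), followed by space or EOL.
    if grep -Eq "^[[:space:]]*${mod}([[:space:]]|\$)" "$file"; then
        echo enabled
    # A disabled entry is the same name behind a leading '#'.
    elif grep -Eq "^[[:space:]]*#[[:space:]]*${mod}([[:space:]]|\$)" "$file"; then
        echo commented
    else
        echo missing
    fi
}

# enable_module FILE MODULE -> uncomment the entry, leaving FILE.orig untouched
enable_module() {
    file=$1 mod=$2
    case $(modules_state "$file" "$mod") in
        enabled) return 0 ;;                                  # nothing to do
        missing) echo "$mod not listed in $file" >&2; return 1 ;;
    esac
    cp "$file" "$file.orig" || return 1
    # Strip only the comment marker in front of the exact module name.
    sed -E "s/^([[:space:]]*)#[[:space:]]*(${mod}([[:space:]]|\$))/\1\2/" \
        "$file.orig" > "$file"
}

# Constructed sample of a modules file (not copied from a Dachstein image).
sample=$(mktemp)
printf '%s\n' '# masquerading helpers' 'ip_masq_ftp' '#ip_masq_ipsec' > "$sample"
echo "before: $(modules_state "$sample" ip_masq_ipsec)"
enable_module "$sample" ip_masq_ipsec
echo "after:  $(modules_state "$sample" ip_masq_ipsec)"
```

On the router itself the file argument would be /etc/modules; the edit only changes the running filesystem, so the backup and reboot steps from the message still apply.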