Ok, are you saying that because of the kernel that I'm using now that
the network modules aren't loading properly? I'm guessing that isn't
so. From what I'm reading, should you be providing an image that does
IPSEC through a registered IP (current one) and private IP (what most
home LRP users are doing now). While I'm at it, I thought I spotted
some things that needed correcting in your document.
-------------------------------
ESP (protocol 50) is called as "transport" mode and is used for
Host-to-Host
connections. AH (protocol 51) is called as "tunnel" mode and is used for
any connection that connects to a Subnet. Tunnel mode is the only method
that will work through NAT. ^^^^^^
Shouldn't that be Transport rather than tunnel?
4) FIREWALL PASS-THROUGH
This type of connection is very often the most confusing. This is used
where a remote computer behind a firewall connects to a remote network
or computer. The firewall is configured to allow the connection, but
does not participate or authenticate.
To setup this type of connection:
1) open the protocols 50 and 51 on your firewall
2) open port 500 on your firewall
3) load the ip_masq_ipsec.o module and add it to /etc/modules
^^^^
I think this should be /lib/modules.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of guitarlynn
Sent: Wednesday, June 26, 2002 3:47 PM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] GuitarLynn's FreeS/WAN image problem
On Wednesday 26 June 2002 10:31, Ping Kwong wrote:
> When I get a chance again I'll take a look at it again. But I did
> try using Charles' 2.2.19-small modules per your instructions with
> the link. That why I find it perplexing. I have a bootable CD-R that
> I made with Eigerstein and I stick that back in and that works fine.
> Go back to your floppy and I have that same problem. I even went as
> far as finding the module on the CD-ROM and copying that over to see
> if that helps. I believe I'm using the "b" version of the RTL8139 if
> I recall from the bootup messages. The card is actually a D-Link
> 530TX or + can't exactly remember as it came in a kit.
Ahhhh..... let's step back a minute. What you are doing will NOT work!!!
You want ipsec pass-through and added the ip_masq_ipsec module with
my ipsec image. This includes an IPSec-patched kernel that clashes with
the ip_masq_ipsec.o module for pass-through operation. My image will
not do pass-through because of the kernel, however the regular Dachstein
image with the same changes that you have made WILL work.
I will add a note indicating this in the IPSec document as well!
Thanks!
-------------------------------------------------------
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
