Kevin wrote:
I am using Dachstein 1.02 and need IPSEC enabled to get the work VPN
software to work correctly. I do not see a module IPSEC that is loaded,
should I have one to make this work correctly?
Here are the modules loaded:
Linux version 2.2.19-3-LEAF ([EMAIL PROTECTED]) (gcc version 2.7.2.3) #1 Sat Dec 1
12:15:05 CST 2001


Installed Modules:
ip_masq_vdolive         1180   0 (unused)
ip_masq_user            3708   0 (unused)
ip_masq_raudio          2980   0 (unused)
ip_masq_quake           1220   0 (unused)
ip_masq_portfw          2416   0 (unused)
ip_masq_mfw             3196   0 (unused)
ip_masq_irc             1924   0
ip_masq_ftp             3576   0
ip_masq_cuseeme          964   0 (unused)
ip_masq_autofw          2476   0 (unused)
ne                      6292   2
8390                    6236   0 [ne]
bsd_comp                3708   0 (unused)
ppp_deflate            40672   0 (unused)
ppp                    20828   2 [bsd_comp ppp_deflate]
slhc                    4436   0 [ppp]

        
Here are the packages:
<snip>
This is the block that needs to pass through:

Apr 19 07:10:48 amberton kernel: Packet log: input DENY ppp0 PROTO=50
207.11.4.7:65535 68.19.16.103:65535 L=168 S=0x00 I=8699 F=0x0000 T=243 (#70)

I am not sure if I need a rule set or a package loaded, any help would be
beneficial.

Actually, I think you need a rule set and a module loaded.


I'm going to work under the assumption that you need to masquerade an IPSec connection (i.e., you're running an ipsec client on an internal system, rather than trying to run ipsec on the firewall itself).

To do this, you first need to make sure you're using the proper kernel. Masquerading ipsec and running ipsec on the firewall are mutually exclusive, and require different kernels. The 'plain' kernels available from my site support ipsec masquerading, while kernels with -IPSec in the name support running ipsec directly on the firewall. Which kernel flavor you want depends on your system, but you probably want either the 'small' or 'normal' kernel:

http://lrp2.steinkuehler.net/files/kernels/Dachstein-small/
http://lrp2.steinkuehler.net/files/kernels/Dachstein-normal/

The floppy version ships with the small kernel w/o ipsec by default.

Once you have an appropriate kernel (or have verified you're running the linux-2.2.19-3-LEAF-small.zImage.upx kernel by filesize), you need to copy the ip_masq_ipsec.o masquerading 'helper' module to your modules directory and add it to /etc/modules.

The last thing you need to do is allow the actual IPSec traffic through your firewall. This typically involves UDP port 500, and *PROTOCOL* 50 or 51, depending on whether you're running ESP or AH. To do this, add the following in /etc/network.conf:

EXTERN_UDP_PORTS="0/0_500"
EXTERN_PORTS="50_0/0 51_0/0"

--
Charles Steinkuehler
[EMAIL PROTECTED]
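
An added example, not part of the original messages: a small Python parser for the ipchains "Packet log:" format quoted above that reports which dropped inbound packets are the IPsec traffic named in the reply (protocol 50 or 51, UDP port 500) and which /etc/network.conf entry from the reply covers each. The function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# ipchains (2.2 kernel) log layout, as in the line quoted in the message:
# Packet log: <chain> <action> <iface> PROTO=<n> <src>:<port> <dst>:<port> ...
PACKET_LOG = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)

# /etc/network.conf entries named in the reply, keyed by the traffic they admit.
NEEDED = {
    "ESP": 'EXTERN_PORTS entry "50_0/0"',
    "AH": 'EXTERN_PORTS entry "51_0/0"',
    "IKE": 'EXTERN_UDP_PORTS entry "0/0_500"',
}

def classify(line):
    """Return "ESP", "AH" or "IKE" for a dropped inbound IPsec packet, else None."""
    m = PACKET_LOG.search(line)
    if m is None or m["chain"] != "input" or m["action"] not in ("DENY", "REJECT"):
        return None
    proto, dport = int(m["proto"]), int(m["dport"])
    if proto == 50:
        return "ESP"
    if proto == 51:
        return "AH"
    if proto == 17 and dport == 500:
        return "IKE"
    return None  # dropped, but not IPsec traffic

def blocked_ipsec(lines):
    """Count dropped IPsec packets per kind across an iterable of log lines."""
    return Counter(kind for kind in map(classify, lines) if kind)

HEAD = "Apr 19 07:10:48 amberton kernel: Packet log: input "
TAIL = " L=168 S=0x00 I=8699 F=0x0000 T=243 (#70)"
SAMPLE = [
    # The line from the message above, rejoined onto one line.
    HEAD + "DENY ppp0 PROTO=50 207.11.4.7:65535 68.19.16.103:65535" + TAIL,
    # Constructed lines (documentation addresses), not real traffic.
    HEAD + "DENY ppp0 PROTO=17 192.0.2.10:500 198.51.100.5:500" + TAIL,
    HEAD + "DENY ppp0 PROTO=6 192.0.2.10:40000 198.51.100.5:23" + TAIL,
    HEAD + "ACCEPT ppp0 PROTO=50 192.0.2.10:65535 198.51.100.5:65535" + TAIL,
]

if __name__ == "__main__":
    for kind, count in blocked_ipsec(SAMPLE).items():
        print(f"{count} dropped {kind} packet(s): add {NEEDED[kind]}")
```
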


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html