Thanks Charles - yes I just need to allow the passthrough of the IPSEC
protocol for everything to work. I will update the firewall like below and
bring the laptop home tomorrow to try it out. The IT guys do not understand
my router and all they have troubleshooting guides for are the commercial
routers for consumers.... 

I will try the rules first, then the kernel and module.

As Matt stated, I will also search the HOWTO's and ask the IT guys what type
of connection this is if I need more help.

-----Original Message-----
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 20, 2004 7:41 AM
To: Kevin
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] IPSEC help needed....

Kevin wrote:
SNIP


Actually, I think you need a rule set and a module loaded.

I'm going to work under the assumption that you need to masquerade an 
IPSec connection (i.e.: you're running an ipsec client on an internal 
system, rather than trying to run ipsec on the firewall itself).

To do this, you first need to make sure you're using the proper kernel. 
Masquerading ipsec and running ipsec on the firewall are mutually 
exclusive, and require different kernels.  The 'plain' kernels available 
from my site support ipsec masquerading, while kernels with -IPSec in 
the name support running ipsec directly on the firewall.  Which kernel 
flavor you want depends on your system, but you probably want either the 
'small' or 'normal' kernel:

http://lrp2.steinkuehler.net/files/kernels/Dachstein-small/
http://lrp2.steinkuehler.net/files/kernels/Dachstein-normal/

The floppy version ships with the small kernel w/o ipsec by default.

Once you have an appropriate kernel (or have verified you're running the 
linux-2.2.19-3-LEAF-small.zImage.upx kernel by filesize), you need to 
copy the ip_masq_ipsec.o masquerading 'helper' module to your modules 
directory and add it to /etc/modules.

The last thing you need to do is allow the actual IPSec traffic through 
your firewall.  This typically involves UDP port 500, and *PROTOCOL* 50 
or 51, depending on whether you're running ESP or AH.  To do this, add 
the following in /etc/network.conf

EXTERN_UDP_PORTS="0/0_500"
EXTERN_PORTS="50_0/0 51_0/0"

-- 
Charles Steinkuehler
[EMAIL PROTECTED]
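As an added, stand-alone check (not part of this thread and not LEAF's own code), the Python below parses the two network.conf variables quoted in Charles's message and reports which of the IPSec flows (UDP 500, IP protocol 50, IP protocol 51) a given peer address would still be blocked on. The entry formats (source_port for EXTERN_UDP_PORTS, protocol_source for EXTERN_PORTS) and the sample peer address are assumptions read from the rules above.

```python
import ipaddress
import re

# Constructed sample: the two network.conf lines quoted in the message above.
NETWORK_CONF = '''
EXTERN_UDP_PORTS="0/0_500"
EXTERN_PORTS="50_0/0 51_0/0"
'''

ISAKMP_PORT = 500   # IKE key exchange runs over UDP
ESP, AH = 50, 51    # IP protocol numbers; no ports, hence the ip_masq_ipsec helper

def parse_conf(text):
    """Collect shell-style NAME="value" assignments into a dict."""
    return dict(re.findall(r'^\s*(\w+)="([^"]*)"', text, flags=re.M))

def norm_net(spec):
    """Dachstein writes 'anywhere' as 0/0; ipaddress wants 0.0.0.0/0."""
    return ipaddress.ip_network("0.0.0.0/0" if spec == "0/0" else spec, strict=False)

def extern_rules(text):
    """Return (proto, source_net, port) tuples for the two EXTERN_* lists.
    Assumed formats, taken from the message: EXTERN_UDP_PORTS entries are
    source_port, EXTERN_PORTS entries are protocol_source."""
    conf = parse_conf(text)
    rules = []
    for entry in conf.get("EXTERN_UDP_PORTS", "").split():
        src, port = entry.rsplit("_", 1)
        rules.append(("udp", norm_net(src), int(port)))
    for entry in conf.get("EXTERN_PORTS", "").split():
        proto, src = entry.split("_", 1)
        rules.append((int(proto), norm_net(src), None))
    return rules

def ipsec_gaps(rules, peer_ip, want_ah=False):
    """List what is still blocked for an IPSec peer at peer_ip (ISAKMP + ESP,
    plus AH if want_ah). A rule counts only if its source net contains the peer."""
    peer = ipaddress.ip_address(peer_ip)
    def allowed(proto, port=None):
        return any(p == proto and (port is None or pt == port) and peer in net
                   for p, net, pt in rules)
    gaps = []
    if not allowed("udp", ISAKMP_PORT):
        gaps.append("udp/500 ISAKMP")
    if not allowed(ESP):
        gaps.append("proto 50 ESP")
    if want_ah and not allowed(AH):
        gaps.append("proto 51 AH")
    return gaps

if __name__ == "__main__":
    # 203.0.113.5 is a constructed (documentation-range) peer address
    print(ipsec_gaps(extern_rules(NETWORK_CONF), "203.0.113.5", want_ah=True))
```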



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html