From: Rainer Hofmeister [mailto:rh@webkom.net]
Sent: Thursday, February 06, 2003 7:19 AM
To: suse-security@suse.com
Subject: [suse-security] MS VPN over SuSefirewall2 (7.3)
Hi,
I'm trying to build a VPN tunnel from an internal Win2K machine to a server on the Internet (also MS). We are using a SuSEfirewall2 (SuSE 7.3) to protect our internal LAN. The internal LAN is masqueraded.
Is there a way to configure the firewall to allow VPN connections from the Win2K machine?
I opened the following ports in FW_MASQ_NETS:
10.0.0.0/24,0/0,tcp,1723 10.0.0.0/24,0/0,udp,1723 10.0.0.0/24,0/0,tcp,47 10.0.0.0/24,0/0,udp,47 10.0.0.0/24,0/0,udp,500
This didn't work. I read somewhere that the communication over port 47 is not tcp or udp but gre. Since I can't set that in SuSEfirewall2 I tried to open up the complete network by using:
It's not _port_ 47, but _protocol_ 47 instead! This is an important difference! I don't know the SuSE Firewall scripts, but opening _protocol_ 47 instead of the port would help IMO.

Thomas
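
The port/protocol distinction from the reply above, as an added example that is not part of the original thread and is not SuSEfirewall2's own matching logic: a simplified matcher runs the posted FW_MASQ_NETS entries against constructed packets and shows that no tcp/udp entry can match a GRE packet. The addresses, helper names and the matching model are assumptions.

```python
import ipaddress
import struct

# Entries exactly as posted in the thread (source,dest,proto,port).
POSTED_RULES = ("10.0.0.0/24,0/0,tcp,1723 10.0.0.0/24,0/0,udp,1723 "
                "10.0.0.0/24,0/0,tcp,47 10.0.0.0/24,0/0,udp,47 "
                "10.0.0.0/24,0/0,udp,500")

IP_PROTO = {"tcp": 6, "udp": 17, "gre": 47}  # IANA IP protocol numbers


def build_ipv4(src, dst, proto, payload=b""):
    """Constructed 20-byte IPv4 header (checksum left at 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def l4_ports(sport, dport):
    """First four bytes common to TCP and UDP: source and destination port."""
    return struct.pack("!HH", sport, dport)


def rule_matches(rule, packet):
    """Assumed model: match source net, IP protocol field, then destination port."""
    src_net, _dst, proto, port = rule.split(",")   # dest 0/0 matches anything
    if ipaddress.IPv4Address(packet[12:16]) not in ipaddress.ip_network(src_net):
        return False
    if packet[9] != IP_PROTO[proto]:               # byte 9 = IP protocol field
        return False                               # GRE (47) stops here: no ports
    ihl = (packet[0] & 0x0F) * 4                   # IPv4 header length in bytes
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return dport == int(port)


def matching_rules(packet, rules=POSTED_RULES):
    return [r for r in rules.split() if rule_matches(r, packet)]


# Constructed sample packets (addresses are placeholders, not from the thread).
PPTP_CONTROL = build_ipv4("10.0.0.5", "192.0.2.10", 6, l4_ports(40000, 1723))
GRE_DATA = build_ipv4("10.0.0.5", "192.0.2.10", 47, b"\x30\x01\x88\x0b")
TCP_PORT_47 = build_ipv4("10.0.0.5", "192.0.2.10", 6, l4_ports(40000, 47))

if __name__ == "__main__":
    for name in ("PPTP_CONTROL", "GRE_DATA", "TCP_PORT_47"):
        print(name, "->", matching_rules(globals()[name]) or "no rule matches")
```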