Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Masquerading IPSec through SuSE firewall
  • From: Mark Tinka <aknit44@xxxxxxxxxxx>
  • Date: Sat, 29 Dec 2001 13:20:34 +0000 (GMT)
  • Message-id: <20011229132034.65061.qmail@xxxxxxxxxxxxxxxxxxxxxxx>
hi list...

i have a user with a VPN client, Checkpoint, using the
IKE algorithm behind a SuSE 7.2 Pro system with a
stock 2.2.19 kernel, being masqueraded to the net
using ipchains....

when the user launches SecuRemote, and Checkpoint, he
gets authenticated by the remote VPN server... the
problem comes when he launches his VPN application,
which requires to connect to the remote server on port
23, via the secure connection... but this part of the
process fails... my guess is the Linux server is not
masquerading the user's encrypted session...

in light of this, i decided to enable IPSec and IKE
Masquerading in the SuSE kernel sources... there is a
patch available on

http://www.impsec.org/linux/masquerade/ip_masq_vpn.html

which adds the IPSec, PPTP and IKE options to the
kernel sources.... when i apply the patch, the patch
log file created shows some hunks failed on one of the
lines... nonetheless, i go ahead to compile the
kernel, and the "make dep" runs ok...

when i start the "make bzImage" it runs okay, and then
gives some errors after a couple of minutes, when
compiling the ip_masq options...

i have tried both the old and new 2.2.19 SuSE sources
with the same problem.. i don't use the sources from
kernel.org because they have always given me problems
when compiling on SuSE.. the SuSE lx_sus22 sources are
better on SuSE...

could the problem be with the patch, or something
else... is there another way the IPSec user can be
masqueraded..?..

all help appreciated.. thanks..

AKNIT

__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com

< Previous Next >
Follow Ups