How to pass IP/SEC data thru ipchains -- assistance appreciated

Post by Dale Mosb » Mon, 10 Jul 2000 04:00:00



I have a Linux box running Redhat 2.2.12 acting as a firewall/router for
a small home network. I have a simple ipchain setup as the firewall.
All has been perfect but now I need to allow my wife to connect with her
office using the corporate VPN software. I have been doing the same
thing with our VPN software (Aventail) and that software works fine
going through the Linux Box.

The VPN software her company uses does not work with the Linux
box in place. If I connect the DSL line directly to the Win 98 box she
is using the VPN software works fine, but my Linux firewall prevents
it from working.

The help desk for her "remote connection" package said that it used
security protocols 50 and 51 and that many DSL providers do not
support IP/SEC. (This theory was proposed before I bypassed my
Linux box.) Evidently they are using IP/SEC which my firewall blocks
and the software used by my company simply uses an encrypted
data stream over TCP/IP.

RFC 1700 shows:
  protocol 50 SIPP-ESP "SIPP encapsulated security payload"
  protocol 51 SIPP-AH  "SIPP authentication header"

I would like to get this running, and I'll quickly admit to having little
expertise with ipchains. I set them up with some assistance from someone
more knowledgeable and thought that all was working fine until this latest
problem appeared. Any help at getting this passed through would be
most appreciated.



How to pass IP/SEC data thru ipchains -- assistance appreciated

Post by Chad+n.. » Tue, 11 Jul 2000 04:00:00


Dale -

I've not tried this myself, just yet.  I'm having the same problem you are: I
need to use BayNetworks VPN software behind my GNU/Linux IPChains firewall.

http://www.linuxdoc.org/LDP/lasg/lasg-www/firewall/index.html

Looks simple enough. :)

Regards,
Chad


>Date: Sun, 9 Jul 2000 22:27:21 -0700

>Newsgroups: comp.os.linux.networking
>Subject: How to pass IP/SEC data thru ipchains -- assistance appreciated

>I have a Linux box running Redhat 2.2.12 acting as a firewall/router for
>a small home network. I have a simple ipchain setup as the firewall.
>All has been perfect but now I need to allow my wife to connect with her
>office using the corporate VPN software. I have been doing the same
>thing with our VPN software (Aventail) and that software works fine
>going through the Linux Box.

>The VPN software her company uses does not work with the Linux
>box in place. If I connect the DSL line directly to the Win 98 box she
>is using the VPN software works fine, but my Linux firewall prevents
>it from working.

>The help desk for her "remote connection" package said that it used
>security protocols 50 and 51 and that many DSL providers do not
>support IP/SEC. (This theory was proposed before I bypassed my
>Linux box.) Evidently they are using IP/SEC which my firewall blocks
>and the software used by my company simply uses an encrypted
>data stream over TCP/IP.

>RFC 1700 shows:
>  protocol 50 SIPP-ESP "SIPP encapsulated security payload"
>  protocol 51 SIPP-AH  "SIPP authentication header"

>I would like to get this running, and I'll quickly admit to having little
>expertise with ipchains. I set them up with some assistance from someone
>more knowledgeable and thought that all was working fine until this latest
>problem appeared. Any help at getting this passed through would be
>most appreciated.



--
                                                 _\|/_
                                                 (o o)
----------------------------------------------oOO-(_)-OOo------

Packet filtering for Linux
http://www.packetfilter.dynip.com/
Now hosting IPChains mailing list v2

"...Unix, MS-DOS, and Windows NT (also known as the Good,
the Bad, and the Ugly)."  (By Matt Welsh)

---------------------------------------------------------------


How to pass IP/SEC data thru ipchains -- assistance appreciated

Post by Tom East » Tue, 11 Jul 2000 04:00:00



>I have a Linux box running Redhat 2.2.12 acting as a firewall/router for
>a small home network. I have a simple ipchain setup as the firewall.
>All has been perfect but now I need to allow my wife to connect with her
>office using the corporate VPN software. I have been doing the same
>thing with our VPN software (Aventail) and that software works fine
>going through the Linux Box.

>The VPN software her company uses does not work with the Linux
>box in place. If I connect the DSL line directly to the Win 98 box she
>is using the VPN software works fine, but my Linux firewall prevents
>it from working.

>The help desk for her "remote connection" package said that it used
>security protocols 50 and 51 and that many DSL providers do not
>support IP/SEC. (This theory was proposed before I bypassed my
>Linux box.) Evidently they are using IP/SEC which my firewall blocks
>and the software used by my company simply uses an encrypted
>data stream over TCP/IP.

>RFC 1700 shows:
>  protocol 50 SIPP-ESP "SIPP encapsulated security payload"
>  protocol 51 SIPP-AH  "SIPP authentication header"

>I would like to get this running, and I'll quickly admit to having little
>expertise with ipchains. I set them up with some assistance from someone
>more knowledgeable and thought that all was working fine until this latest
>problem appeared. Any help at getting this passed through would be
>most appreciated.

Only ESP is supported and you must patch your kernel. See:

        http://www.wolfenet.com/~jhardin/ip_masq_vpn.html

My firewall (http://seawall.sourceforge.net) has support for IPSEC
endpoints on the Linux gateway or masqueraded.

-Tom
--
Tom Eastep             \  Eastep's First Principle of Computing:
ICQ #60745924           \  "Any sane computer will tell you how it

Shoreline, Washington USA \___________________________________________
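The thread turns on why protocols 50 and 51 behave differently from Dale's TCP-based Aventail tunnel under an ipchains gateway. The following is an added illustration, not code from any poster or from the ip_masq_vpn patch or Seawall: it builds constructed IPv4 packets carrying ESP (50), AH (51), IKE (UDP/500) and plain TCP, decodes what a filtering/masquerading host can actually see in each, and reports whether stock port-based masquerading can handle the flow. It also emits the ipchains ACCEPT lines that would let the three IPsec protocols through a routed (non-masqueraded) setup; the assumption that all three chains have a DENY default policy, and the 203.0.113.x/192.168.1.x addresses, are mine.

```python
"""Why ESP/AH differ from TCP under an ipchains gateway (added example, constructed data)."""
import struct

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ESP, IPPROTO_AH = 6, 17, 50, 51
IKE_PORT = 500  # ISAKMP/IKE negotiation runs over UDP 500 alongside ESP/AH


def build_ipv4(proto, src, dst, payload):
    """Minimal 20-byte IPv4 header (no options, checksum left zero) plus payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))),
    )
    return header + payload


def classify(packet):
    """Describe the transport layer the way a filtering host sees it and say whether
    a port-rewriting masquerader can track the flow without special support."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    info = {
        "proto": proto,
        "src": ".".join(map(str, packet[12:16])),
        "dst": ".".join(map(str, packet[16:20])),
    }
    body = packet[ihl:]
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        sport, dport = struct.unpack("!HH", body[:4])
        info.update(sport=sport, dport=dport, nat_ok=True,
                    reason="has ports: masquerading rewrites the source port and tracks the flow")
        if proto == IPPROTO_UDP and IKE_PORT in (sport, dport):
            info["reason"] = "IKE over UDP/500: NAT-able, but the peer sees the gateway address"
    elif proto == IPPROTO_ESP:
        # ESP header: SPI (4 bytes), sequence number (4 bytes), then ciphertext
        spi, seq = struct.unpack("!II", body[:8])
        info.update(spi=spi, seq=seq, nat_ok=False,
                    reason="no ports: only the SPI identifies the flow, so stock masquerading "
                           "cannot map it back (this is what the ip_masq_vpn patch adds)")
    elif proto == IPPROTO_AH:
        # AH header: next header, payload len, reserved(2), SPI (4), sequence (4), ICV
        next_header, payload_len = body[0], body[1]
        spi, seq = struct.unpack("!II", body[4:12])
        info.update(spi=spi, seq=seq, next_header=next_header, nat_ok=False,
                    reason="AH's integrity check covers the source IP; rewriting it breaks "
                           "verification, so AH cannot be masqueraded at all")
    else:
        info.update(nat_ok=False, reason="protocol not handled in this example")
    return info


def ipchains_rules(chains=("input", "forward", "output")):
    """ACCEPT lines for a routed gateway where the client holds a public address.
    Assumes (my assumption) a DENY default policy on every chain, which is why all
    three chains need a rule; packets forwarded by ipchains traverse input, forward
    and output.  Tighten with -s/-d for the specific hosts in a real ruleset."""
    rules = []
    for chain in chains:
        rules.append(f"ipchains -A {chain} -p {IPPROTO_ESP} -j ACCEPT")
        rules.append(f"ipchains -A {chain} -p {IPPROTO_AH} -j ACCEPT")
        rules.append(f"ipchains -A {chain} -p udp -s 0.0.0.0/0 {IKE_PORT} "
                     f"-d 0.0.0.0/0 {IKE_PORT} -j ACCEPT")
    return rules


# Constructed sample packets: LAN client 192.168.1.10 talking to a VPN gateway 203.0.113.5
SAMPLE_ESP = build_ipv4(IPPROTO_ESP, "192.168.1.10", "203.0.113.5",
                        struct.pack("!II", 0x1000ABCD, 7) + b"\x00" * 16)
SAMPLE_AH = build_ipv4(IPPROTO_AH, "192.168.1.10", "203.0.113.5",
                       struct.pack("!BBHII", IPPROTO_TCP, 4, 0, 0x2000BEEF, 3) + b"\x00" * 12)
SAMPLE_IKE = build_ipv4(IPPROTO_UDP, "192.168.1.10", "203.0.113.5",
                        struct.pack("!HHHH", IKE_PORT, IKE_PORT, 8, 0))
SAMPLE_TCP = build_ipv4(IPPROTO_TCP, "192.168.1.10", "203.0.113.5",
                        struct.pack("!HH", 40000, 443) + b"\x00" * 16)

if __name__ == "__main__":
    for name, pkt in (("ESP", SAMPLE_ESP), ("AH", SAMPLE_AH), ("IKE", SAMPLE_IKE), ("TCP", SAMPLE_TCP)):
        print(name, classify(pkt))
    print("\n".join(ipchains_rules()))
```

Run as a script, it prints the decode of each sample and the nine ACCEPT lines. The decode makes Tom's answer concrete: the Aventail stream is ordinary TCP with ports, so masquerading works unchanged; ESP has only an SPI, so the kernel needs the ip_masq_vpn patch to associate return packets with the inside host; AH cannot survive address rewriting at all, which is why only ESP is supported even with the patch.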
