Linux Firewall, Leased Line, Microsoft VPN server problem


Post by Royce Smallbon » Tue, 30 Nov 1999 04:00:00



After a couple of days of head scratching I have been able to get a
win98 client to dial up to the internet and then connect to a NT VPN
server sitting on the 'secure' side of the linux proxy / firewall. The
problem now is that when I connect to the vpn server the connection is
only active for about 20 or 30 seconds after which the connection drops.

I am now at a loss as to why this is happening. Please can anyone help
me as I do not wish to buy and use MS Proxy.

System details,

Mandrake 6.0
2.2.13 kernel
ipchains
ipfwd
ipmasqadm

Many Thanks,

Royce Smallbone

 
 
 


Post by dragon.. » Sat, 04 Dec 1999 04:00:00


In article



> After a couple of days of head scratching I have been able to get a
> win98 client to dial up to the internet and then connect to a NT VPN
> server sitting on the 'secure' side of the linux proxy / firewall. The
> problem now is that when I connect to the vpn server the connection is
> only active for about 20 or 30 seconds after which the connection drops.
>
> I am now at a loss as to why this is happening. Please can anyone help
> me as I do not wish to buy and use MS Proxy.
>
> System details,
>
> Mandrake 6.0
> 2.2.13 kernel
> ipchains
> ipfwd
> ipmasqadm
>
> Many Thanks,
>
> Royce Smallbone

I've found this in Linux VPN Masquerade HOWTO.

5.7 If your IPsec session always dies after a certain amount of time

If you're having trouble with your IPsec tunnel
regularly dying, particularly if checking the
system logs on the firewall shows that ISAKMP
packets with "zero cookie" values are being seen,
here's what's happening:

Earlier versions of the IPsec Masq patch did not
change the timeout for masq table entries for
ISAKMP UDP packets. The masq table entries for
the ISAKMP UDP traffic would time out fairly
quickly (relative to the data channel) and be
removed; if the remote IPsec host then decided to
initiate rekeying before the local IPsec host
did, the inbound ISAKMP traffic for the rekey
couldn't be routed to the masqueraded host. The
rekey traffic would be discarded, the remote
IPsec host would think the link had failed, and
the connection would eventually be terminated.

The 2.0.36 patch has been modified to increase
the timeout on ISAKMP UDP masq table entries. Get
the current version of the patch, available via
the sites given in the Resources section, and
repatch and recompile your kernel.

Also verify that your IPsec Masq Table Lifetime
parameter is configured to be the same as or
slightly longer than your rekey interval.

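The timeout behaviour described in the quoted HOWTO section, as an added example that is not part of the original posts or the HOWTO: a simplified Python model of a masquerade table with idle timeouts, replaying the case where the remote host rekeys first. The inside address 10.0.0.5, the timeout values, and keying entries by protocol alone are assumptions made for illustration.

```python
# Simplified model of a masquerading (NAT) table with idle timeouts.
# Not kernel code: the address, timeouts and event timeline are constructed.
from dataclasses import dataclass

@dataclass
class MasqEntry:
    inside_host: str
    timeout: float      # idle lifetime in seconds
    last_seen: float    # time of the last packet that matched the entry

class MasqTable:
    def __init__(self, isakmp_timeout, esp_timeout):
        self.timeouts = {"isakmp": isakmp_timeout, "esp": esp_timeout}
        self.entries = {}   # keyed by protocol only (assumption: one tunnel)

    def _expire(self, now):
        stale = [k for k, e in self.entries.items() if now - e.last_seen > e.timeout]
        for key in stale:
            del self.entries[key]

    def outbound(self, now, proto, inside_host):
        """Masqueraded host sends: create or refresh the entry."""
        self._expire(now)
        self.entries[proto] = MasqEntry(inside_host, self.timeouts[proto], now)

    def inbound(self, now, proto):
        """Remote host sends: forward only if a live entry exists."""
        self._expire(now)
        entry = self.entries.get(proto)
        if entry is None:
            return None     # no mapping left: the packet is discarded
        entry.last_seen = now
        return entry.inside_host

def remote_rekey_delivered(isakmp_timeout, rekey_interval, esp_timeout=3600):
    """Replay one tunnel lifetime; return the host the rekey reaches, or None."""
    table = MasqTable(isakmp_timeout, esp_timeout)
    table.outbound(0, "isakmp", "10.0.0.5")         # initial key exchange
    for t in range(1, rekey_interval, 10):          # steady ESP data traffic
        table.outbound(t, "esp", "10.0.0.5")
    return table.inbound(rekey_interval, "isakmp")  # remote side rekeys first

if __name__ == "__main__":
    print("short ISAKMP timeout:", remote_rekey_delivered(300, 3600))
    print("lifetime >= rekey interval:", remote_rekey_delivered(3660, 3600))
```

The data channel stays mapped in both runs; only the ISAKMP entry's lifetime relative to the rekey interval decides whether the inbound rekey can be routed to the masqueraded host.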

 
 
 
