Re: IPSec VPN

To: debian-security@lists.debian.org
Subject: Re: IPSec VPN
From: "J.H.M. Dassen $Ray$" <dm@zensunni.demon.nl>
Date: Sun, 11 Aug 2002 17:51:59 +0200
Message-id: <[🔎] 20020811155159.GA18623@zensunni>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 000801c2414d$63dcd7e0$6400a8c0@MELLY>
References: <[🔎] 20020805105041.GA7865@dat.etsit.upm.es> <[🔎] 000801c2414d$63dcd7e0$6400a8c0@MELLY>

On Sun, Aug 11, 2002 at 17:40:15 +0200, Jens Hafner wrote:
> Things start to break as soon as I connect the laptop to my private
> network (192.168.0.0/24) whose default gateway is a debian (woody, kernel
> 2.2.19) box. I configured the gateway to accept protocol 50 packages and
> port 500 connections in the following way:

You may need to accept protocol 51 (AH packet-level authentication) as well.

> The extranet client always gives me an error message like: "BannerSock:
> The attempt to connect timed out without establishing a connection". I
> couldn't find any documentation covering this case on the net. All I found
> were lots of documents where the Linux box was one end of the VPN
> connection itself but none covered my case in which the debian box only
> masquerades and forwards the encrypted packages packets.

http://www.freeswan.org/freeswan_trees/freeswan-1.95/doc/firewall.html
discusses some of the issues between IPsec and NAT.

HTH,
Ray
-- 
"Never trust a poll you haven't rigged yourself."

Reply to:

References:
- Re: port 12980/udp
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- IPSec VPN
  - From: "Jens Hafner" <jens.h@fner.org>

Prev by Date: IPSec VPN
Next by Date: Re: IPSec VPN
Previous by thread: IPSec VPN
Next by thread: Re: IPSec VPN
Index(es):
- Date
- Thread