
IPSec VPN



Hi,

I'm trying to connect my Win2k professional Laptop to my company's VPN.
I am using the "Nortel Extranet Access Client V02_62.33", which uses the
IPSec protocol. Everything just works fine as long as the laptop is
directly connected to the Internet (e.g. by a dialup connection). Things
start to break as soon as I connect the laptop to my private network
(192.168.0.0/24) whose default gateway is a Debian (woody, kernel
2.2.19) box. I configured the gateway to accept protocol 50 packets and
port 500 connections in the following way:

----------%<---------------%<-----------------%<---------
/sbin/ipchains -I input -p udp --dport 500 --sport 500 -j ACCEPT
/sbin/ipchains -I output -p udp --dport 500 --sport 500 -j ACCEPT
/sbin/ipchains -I input -p 50 -j ACCEPT
/sbin/ipchains -I output -p 50 -j ACCEPT
----------%<---------------%<-----------------%<---------

I also configured the kernel to masquerade all packets:

----------%<---------------%<-----------------%<---------
/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
----------%<---------------%<-----------------%<---------

The extranet client always gives me an error message like:
"BannerSock: The attempt to connect timed out without establishing a
connection". I couldn't find any documentation covering this case on the
net. All I found were lots of documents where the Linux box was one end
of the VPN connection itself, but none covered my case, in which the
Debian box only masquerades and forwards the encrypted packets.
My questions are: Am I misconfiguring anything?
I am using the original kernel. Do I need to patch the kernel?

Thanks for your help

Jens