Re: ESP disapear throught my debian GW

To: Esteban <esteban@alstec.fr>, debian-user@lists.debian.org
Subject: Re: ESP disapear throught my debian GW
From: Fraser Campbell <fraser@wehave.net>
Date: Mon, 3 Feb 2003 06:47:54 -0500
Message-id: <[🔎] 200302030647.55300.fraser@wehave.net>
In-reply-to: <[🔎] 20030203132515.70731b77.esteban@alstec.fr>
References: <[🔎] 20030203132515.70731b77.esteban@alstec.fr>

Esteban wrote:

> In the other side, when an ESP packet comes from VPN2 with destination
> my Linux GW, I try to DNAT it to my VPN1. But same thing, I can see it
> with tcpdump on my external interface, but I still can't see it in the
> first NAT PREROUTING chain. ...
>
> My Linux GW is a debian with 2.4.19-grsec kernel.

I've only worked with configurations like yours under the 2.2 kernel.  On that 
kernel life is a lot easier if you apply the ip_masq_ipsec patches.  
netfilter in 2.4 seems to include ipsec masquerading modules by default so 
you probably won't need to patch.  On my system here are the two relevant 
modules:

  /lib/modules/2.4.20-k7/kernel/net/ipv4/netfilter/ipt_ah.o
  /lib/modules/2.4.20-k7/kernel/net/ipv4/netfilter/ipt_esp.o

Perhaps try loading these two modules to see if improves the situation.

Fraser

Reply to:

References:
- ESP disapear throught my debian GW
  - From: Esteban <esteban@alstec.fr>

Prev by Date: ACPI & USB not working simultaneously
Next by Date: Re: Disk Corruption (was: Disk formatting)
Previous by thread: ESP disapear throught my debian GW
Next by thread: CD Player no sound
Index(es):
- Date
- Thread