
To: "Renato Salles" <rsalles,AT,rsnetservices,DOT,com,DOT,br>,<cipe-l,AT,inka,DOT,de>
Subject: Re: No way
From: "Michael DeCamp" <Michael.DeCamp,AT,mindspring,DOT,com>
Date: Wed, 9 Jul 2003 05:27:18 -0400
References: <Pine.LNX.4.44.0307081059330.7165-100000@libra.rsnetservices.com.br>

I didn't really look at your configuration to check routes, etc., but will
share that there is an incompatibility (bug) in the version of CIPE (1.4.5)
included in Red Hat 7.0 - 9.0 and iptables.  My experience was the same as
yours:  I couldn't get traffic past the Linux server running iptables.  If
you search the archives you may find some more details.  This is supposed
to have been fixed in the current release of CIPE (1.5.4).

So you have two options:

1)  Get the latest sources for CIPE and rebuild on your Linux server.  The
documentation and other supporting information for this option are not
great.  You may have to rebuild the kernel as well.

2)  Use ipchains instead of iptables.  This does not have the flexibility
of iptables but does work with CIPE 1.4.5.

Hope this helps...


----- Original Message ----- 
From: "Renato Salles" <rsalles,AT,rsnetservices,DOT,com,DOT,br>
To: <cipe-l,AT,inka,DOT,de>
Sent: Tuesday, July 08, 2003 10:16 AM
Subject: No way

> Well, after two days working over the VPN setup, things seem to have
> stopped at one point and denied to go further.
> I'll try to explain this very common setup for a VPN.
> A client running Win2k, accessing a corporate LAN also running Win2k, and
> a Linux server with Red Hat 9.0 between them on the office side.
> CIPE seems to be constructed in a manner that the VPN must be integrated
> between client and gateway, not client-to-client!
> The whole thing is that I wasn't able to make the udp packets cross the
> IPTABLES firewall, no matter what ruleset changes I've done. Maybe
> my lack of imagination or expertise.
> The experiment was also made with a guest (someone coming from outside
> the office) running Linux, and trying to "talk" to another linux machine
> inside the corporate LAN: the result remains the same. No way to make the
> udp packets cross in and out of the firewall. I tried almost anything you
> can imagine about firewall and cipe I found in the mailing list and google,
> also the docs from the distros which "pack" cipe.
> And finally, I tried a udp-proxy, without success.
> ANY help would be appreciated,
> TIA,
> RSalles
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive:
