
To: Michael DeCamp <Michael.DeCamp,AT,mindspring,DOT,com>
Subject: Re: No way
From: Renato Salles <rsalles,AT,rsnetservices,DOT,com,DOT,br>
Date: Wed, 9 Jul 2003 09:36:02 -0300 (BRT)
Cc: cipe-l,AT,inka,DOT,de
In-reply-to: <001001c345fc$4b38e1c0$0903a8c0@torn.org>

Michael,
        Thanks for your advice. Your message seemed to me the only one which
has some consistency, of the many I received from the list asking for
the iptables rulesets, my internal deployment configuration, and others
(I consider this so evident and straightforward).
But I have two problems right now: first, I'm so bored and frustrated with
CIPE that I've been considering using FreeS/WAN or Amrita VPN; second,
it's a question of honor (honor and self-protection in business,
because we have clients waiting for that).
        But I will keep you in touch anyway if we consider the possibility
of recompiling the client's kernel and giving CIPE a "second chance".
        Anyhow, thank you again for your interest and for your help,

        Renato Salles
        RSNetServices

On Wed, 9 Jul 2003, Michael DeCamp wrote:

> I didn't really look at your configuration to check routes, etc., but will
> share that there is an incompatibility (bug) in the version of CIPE (1.4.5)
> included in Red Hat 7.0 - 9.0 and iptables.  My experience was the same as
> yours:  I couldn't get traffic past the Linux server running iptables.  If
> you search the archives you may find some more details.  This is supposed
> to have been fixed in the current release of CIPE (1.5.4).
> 
> So you have two options:
> 
> 1)  Get the latest sources for CIPE and rebuild on your Linux server.  The
> documentation and other supporting
> information for this option are not great.  You may have to rebuild the
> kernel as well.
> 
> 2)  Use ipchains instead of iptables.  This does not have the flexibility
> of iptables but does work with CIPE 1.4.5.
> 
> Hope this helps...
> 
> Michael
> 
> ----- Original Message ----- 
> From: "Renato Salles" <rsalles,AT,rsnetservices,DOT,com,DOT,br>
> To: <cipe-l,AT,inka,DOT,de>
> Sent: Tuesday, July 08, 2003 10:16 AM
> Subject: No way
> 
> 
> > Well, after two days working on the VPN setup, things seem to have
> > stopped at one point and refused to go further.
> > I'll try to explain this very common setup for a VPN.
> > A client running Win2k, accessing a corporate LAN also running Win2k, and
> > a Linux server with Red Hat 9.0 between them on the office side.
> > CIPE seems to be constructed in a manner that the VPN must be integrated
> > between client and gateway, not client-to-client!
> > The whole thing is that I wasn't able to make the UDP packets cross the
> > IPTABLES firewall, no matter what ruleset changes I've made. Maybe it's
> > my lack of imagination or expertise.
> > The experiment was also made with a guest (someone coming from outside
> > the office) running Linux, and trying to "talk" to another Linux machine
> > inside the corporate LAN: the result remains the same. No way to make the
> > UDP packets cross in and out of the firewall. I tried almost anything you
> > can imagine about firewall and CIPE that I found on the mailing list and
> > Google, also the docs from the distros which "pack" CIPE.
> > And finally, I tried a udp-proxy, without success.
> >
> > ANY help would be appreciated,
> >
> >
> > TIA,
> >
> >
> > RSalles
> >
> >
> 

