Michael DeCamp <Michael.DeCamp,AT,mindspring,DOT,com>
Re: No way
Renato Salles <rsalles,AT,rsnetservices,DOT,com,DOT,br>
Wed, 9 Jul 2003 09:36:02 -0300 (BRT)
Thanks for your advice. Your message seemed to me the only one which
has some consistency, from the many I received from the list, asking for
the iptables rulesets, my internal deployment configuration, and others
(I consider this so evident and straightforward).
But I have right now two problems: first, I'm so bored and frustrated with
CIPE that I've been considering using FreeS/WAN or Amrita VPN; second,
it's a question of honor (honor and self-protection in business,
'cause we have clients waiting for that).
But I will keep you in touch anyway if we consider the possibility
of recompiling the client's kernel and giving CIPE a "second chance".
Anyhow, thank you again for your interest and for your help,
On Wed, 9 Jul 2003, Michael DeCamp wrote:
> I didn't really look at your configuration to check routes, etc., but will
> share that there is an incompatibility (bug) in the version of CIPE (1.4.5)
> included in Red Hat 7.0 - 9.0 and iptables. My experience was the same as
> yours: I couldn't get traffic past the Linux server running iptables. If
> you search the archives you may find some more details. This is supposed
> to have been fixed in the current release of CIPE (1.5.4).
> So you have two options:
> 1) Get the latest sources for CIPE and rebuild on your Linux server. The
> documentation and other supporting information for this option are not
> great. You may have to rebuild the kernel as well.
> 2) Use ipchains instead of iptables. This does not have the flexibility
> of iptables but does work with CIPE 1.4.5.
> Hope this helps...
> ----- Original Message -----
> From: "Renato Salles" <rsalles,AT,rsnetservices,DOT,com,DOT,br>
> To: <cipe-l,AT,inka,DOT,de>
> Sent: Tuesday, July 08, 2003 10:16 AM
> Subject: No way
> > Well, after two days working over the VPN setup, things seem to have
> > stopped at one point and refused to go further.
> > I'll try to explain this very common setup for a VPN.
> > A client running Win2k, accessing a corporate LAN also running Win2k, and
> > a Linux server with Red Hat 9.0 between them on the office side.
> > CIPE seems to be constructed in a manner that the VPN must be integrated
> > between client and gateway, not client-to-client!
> > The whole thing is that I wasn't able to make the UDP packets cross the
> > iptables firewall, no matter what ruleset changes I've done. Maybe
> > my lack of imagination or expertise.
> > The experience was also made with a guest (someone coming from outside
> > the office) running Linux, and trying to "talk" to another Linux machine
> > inside the corporate LAN: the result remains the same. No way to make the
> > UDP packets cross in and out of the firewall. I tried almost anything you
> > can imagine about firewalls and CIPE that I found on the mailing list and
> > Google, also the docs from the distros which "pack" CIPE.
> > And finally, I tried a udp-proxy, without success.
> > ANY help would be appreciated,
> > TIA,
> > RSalles