[ale] VPN connections through firewall

[Wandered Inn]

Gary S MacKay wrote:
> 
> I have a Win2K pro machine behine a linux machine running RedHat 7.0
> with 2.2.16-22 kernel. I've installed the ip_masq_pptp module also. When
> I try to connect to the remote site, it will get to the point of
> "Verifing password..." and then timeout. I have verified that the remote
> site works by dialing into the internet via modem from the Win box and I
> can connect to the VPN just fine.

I'm doing much the same, although mine is behind two separate firewall
machines. You should have added some ipchains to properly pass the
transactions.  There's a really good description in one of the howto's,
vpn-howto or vpn-masq-howto, or something like that.

Have you seen this doc?

> 
> Problem:
> Whenever I try to connect to a Netopia R910 router at a client site, I
> get these entries from a tcpdump on my firewall:
> 
> 10:51:00.823238 > myIP > remoteIP: icmp: myIP protocol 47 unreachable
> [tos 0xc0]
> 10:51:03.463238 > gre-proto-0x880B (gre encap)
> 10:51:03.813238 < gre-proto-0x880B (gre encap)
> 10:51:03.813238 > myIP > remoteIP: icmp: myIP protocol 47 unreachable
> [tos 0xc0]
> 
> It just repeats until the Win box times out with an error that a port
> was not connected.
> 
> Question:
> What piece of the puzzle am I missing?
> 
> - Gary
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

--
Until later: Geoffrey		esoteric at denali.atlnet.com

"Great spirits have always found violent opposition from mediocre minds.
The
latter cannot understand it when a man does not thoughtlessly submit to
hereditary prejudices but honestly and courageously uses his
intelligence."
- Albert Einstein
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.