Talderon
12-30-2002, 11:36 PM
Now remember, I am running an LRP distro of Linux (http://lrp.steinkuehler.net/index.html) and am performing an IPSec VPN Passthrough Connection (VPN from Client behind Firewall to VPN Gateway Server). I am not connecting one network to another or enabling VPN access into my network...
Linux Router System:
Dell Optiplex GXL 5166 (Found this on the FREE table)
Pentium 166
64MB RAM
1.44MB Floppy
8X IDE CD-ROM
3Com (509c) 10mbit onboard NIC
Netgear 10/100 PCI (using the Tulip Linux Driver Module)
ADSL Internet Connection
I am running Dachstein firewall CD/Floppy Image.
With all that said, here I go!
First things first, I needed to get the IPSec Module loaded. Fortunately, it was included in the CD-ROM version of the distro that I am running, so it was just a matter of editing the Modules File and uncommenting the line with "ip_masq_ipsec" in it. In case you are running a floppy-only version, you need to download the "ip_masq_ipsec.o" module (refer to the documentation to install it).
Once this is done, you need to edit the "/etc/network.conf" file. You can do this manually or through the Menu Interface (the easy way to get to the file).
You may want to refer to a document by Lynn Avants about port forwarding with this Distro located here: http://sourceforge.net/docman/display_doc.php?docid=10418&group_id=13751
Ok... Once you get the "/etc/network.conf" file open, you need to scroll down to where you see "IP FILTER SETUP". Under there, you want to add some stuff:
Go to: ## UDP services open to outside world
Add: EXTERN_UDP_PORTS="0/0_500"
Where the 0/0 is, you can add the IP/Gateway to the VPN on the outside (company's VPN Gateway).
Go to: ##Generic services open to outside world
Add: EXTERN_PROTO0="50 0/0 192.168.1.25/24"
Again, where the 0/0 is, you can add the IP/Subnet to the VPN on the outside (company's VPN Gateway).
The 0/0 (that is the number ZERO and not the letter "O") accepts connections from anywhere on the net. This is what I used in my case due to my company having multiple IPs for their VPN Gateway and I did not want to have to track them all down.
The 192.168.1.25 in this case would be the Static IP address of the client that needs to perform the VPN passthrough. I have heard you can do this with the client having a dynamic IP, but static is more stable I guess. I prefer static in my case.
Ok... now for the port forwarding...
While you have the "/etc/network.conf" file open, add the following:
Go to: ##Port Forwarding
Add: INTERN_SERVERS="udp_${EXTERN_IP}_500_192.168.1.25_500"
Now, add it EXACTLY like that (with the exception of the internal IP address for the client). The variable ${EXTERN_IP} is used so you don't have to input an IP for your xDSL/Cable connection since most of us don't have static IPs...
Now that you have all that done, you need to back up the /etc onto your floppy (use the backup option in the menu) and restart the box. Once it is back up and running, you should have VPN Passthrough working!!!
*NOTE*
PLEASE remember that I am using an LRP distro of Linux (http://lrp.steinkuehler.net/index.html). This may work with others, so PLEASE read the documentation that came with yours.
Have Phun!!!
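A consistency check for the three settings the post adds, written here as an added example (it is not Dachstein/LRP code, and the network.conf fragment is constructed from the post's values): it reads EXTERN_UDP_PORTS, EXTERN_PROTO0 and INTERN_SERVERS as text without evaluating them, confirms that IKE (UDP/500) is opened, ESP (IP protocol 50) is allowed and the UDP/500 forward targets the same internal host the ESP rule names, and notes the 0/0 sources and that a host address with a mask other than /32 matches a whole network. It assumes the EXTERN_PROTO0 fields are protocol, source, destination, as the post's example lays them out.

```shell
#!/bin/sh
# Consistency check for the three network.conf settings the post adds.
# Added example, not Dachstein/LRP code; CONF_FRAGMENT is constructed
# from the post's values (EXTERN_IP is left unexpanded on purpose).
CONF_FRAGMENT='EXTERN_UDP_PORTS="0/0_500"
EXTERN_PROTO0="50 0/0 192.168.1.25/24"
INTERN_SERVERS="udp_${EXTERN_IP}_500_192.168.1.25_500"'

# getvar NAME CONF: value of NAME="..." in CONF, read as text (no eval).
getvar() {
    printf '%s\n' "$2" | sed -n "s/^$1=\"\\(.*\\)\"\$/\\1/p"
}

# check_passthrough CONF: notes/problems on stderr, problem count on stdout.
# 0 means IKE (UDP/500) is open, ESP (protocol 50) is allowed, and the
# UDP/500 forward points at the same internal host the ESP rule names.
check_passthrough() {
    conf=$1; problems=0
    udp=$(getvar EXTERN_UDP_PORTS "$conf")
    proto=$(getvar EXTERN_PROTO0 "$conf")
    fwd=$(getvar INTERN_SERVERS "$conf")
    case $udp in
        *_500) ;;
        *) echo "EXTERN_UDP_PORTS does not open UDP/500 for IKE: '$udp'" >&2
           problems=$((problems + 1)) ;;
    esac
    set -- $proto                     # assumed layout: protocol source destination
    esp_proto=$1; esp_src=$2; esp_dst=$3
    [ "$esp_proto" = 50 ] || {
        echo "EXTERN_PROTO0 is not protocol 50 (ESP): '$proto'" >&2; problems=$((problems + 1)); }
    esp_host=${esp_dst%%/*}
    case $esp_dst in */*) esp_mask=${esp_dst#*/} ;; *) esp_mask=32 ;; esac
    [ "$esp_mask" = 32 ] || echo "note: $esp_dst has mask /$esp_mask, so it matches a whole network, not just $esp_host" >&2
    case "$udp $esp_src" in *0/0*) echo "note: 0/0 accepts IKE/ESP from any address; narrow it to the VPN gateway if known" >&2 ;; esac

    # INTERN_SERVERS is "_"-separated; peel fields from the right because
    # the unexpanded ${EXTERN_IP} token itself contains an underscore.
    fwd_proto=${fwd%%_*}; fwd_dport=${fwd##*_}
    rest=${fwd%_*}; fwd_host=${rest##*_}
    rest=${rest%_*}; fwd_port=${rest##*_}
    [ "$fwd_proto" = udp ] && [ "$fwd_port" = 500 ] && [ "$fwd_dport" = 500 ] || {
        echo "INTERN_SERVERS does not forward UDP/500 to UDP/500: '$fwd'" >&2
        problems=$((problems + 1)); }
    [ "$fwd_host" = "$esp_host" ] || {
        echo "forward target $fwd_host differs from ESP destination $esp_host" >&2
        problems=$((problems + 1)); }
    echo "$problems"
    return "$problems"
}

check_passthrough "$CONF_FRAGMENT"
```

Run it against your own /etc/network.conf with `check_passthrough "$(cat /etc/network.conf)"`; a count of 0 with only "note:" lines means the three settings agree with each other.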