Hi, I'm trying to connect my Win2k professional Laptop to my company's VPN. I am using the "Nortel Extranet Access Client V02_62.33", which uses the IPSec protocol. Everything just works fine as long as the laptop is directly connected to the Internet (e.g. by a dialup connection). Things start to break as soon as I connect the laptop to my private network (192.168.0.0/24) whose default gateway is a debian (woody, kernel 2.2.19) box. I configured the gateway to accept protocol 50 packages and port 500 connections in the following way:
----------%<---------------%<-----------------%<---------
/sbin/ipchains -I input -p udp --dport 500 --sport 500 -j ACCEPT
/sbin/ipchains -I output -p udp --dport 500 --sport 500 -j ACCEPT
/sbin/ipchains -I input -p 50 -j ACCEPT
/sbin/ipchains -I output -p 50 -j ACCEPT
----------%<---------------%<-----------------%<---------

I also configured the kernel to masquerade all packages:

----------%<---------------%<-----------------%<---------
/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
----------%<---------------%<-----------------%<---------

The extranet client always gives me an error message like: "BannerSock: The attempt to connect timed out without establishing a connection".

I couldn't find any documentation covering this case on the net. All I found were lots of documents where the Linux box was one end of the VPN connection itself, but none covered my case, in which the debian box only masquerades and forwards the encrypted packets.

My questions are: Am I misconfiguring anything? I am using the original kernel. Do I need to patch the kernel?

Thanks for your help

Jens