Dan Browning wrote:
> 
> The VPN-Masq homepage
> (http://www.impsec.org/linux/masquerade/ip_masq_vpn.html) says:
> 
> "RedHat has included the VPN patch in kernels 2.2.16-8 and later."
> 
> I'm running 2.2.16-22, so I assume that I have the patch.  (Would
> there be an easy way to check /usr/src/linux/... to see if I really
> have it or not?  Would it be quicker if I just downloaded/compiled
> 2.2.17+vpn_patch instead?)
> 
> Does this have anything to do with ip_masq_ipsec?
> 
> But assuming that I do have it, what is the next step?  The HOWTO
> didn't mention port forwarding, but I think I might have to.
> 
> Again, thanks for all your help,
> 
> Best regards,
> 
> Dan Browning
> Network/DB Admin
> Cyclone Computer Systems
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Cokey de Percin
> > Sent: Wednesday, November 08, 2000 6:22 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: VPN + Masquerade (ISAKAMP): ip_masq_ipsec?
> >
> >
> > Dan Browning wrote:
> > >
> > > Hello,
> > >
> > > I'm trying to allow ISAKMP on my Linux box that does NAT for a
> > > Windows network.  I am reading the VPN-Masquerade-HOWTO, and did
> > > everything it suggested, but it still does not work.  One thing I
> > > could not find on my RedHat 7.0 box was "ip_masq_ipsec" module.
> > > Where is that module?  Do I need it?
> > >
> > [big snip!]
> >
> > You must patch the kernel for VPN-Masq.  AFAIK it doesn't come with
> > RH or any other distro.  If you're reading the HOWTO, it should tell
> > you where to get the patch and how to apply it.  I believe there are
> > patches up through 2.2.16.
> >
> > Cokey
> >
> > --

Ok, while I use RH, I usually roll my own kernels, so I don't keep up
with RH's kernels.  If you don't have ip_masq_ipsec as a module, I
suggest you pull down the source and browse the .config file to see
what's been enabled.  The patch is probably included in the source, but
not enabled.  Not too many of us using it.  Once you get a good
kernel installed, make your first few connections with your firewall
either down or at minimum to eliminate it as a problem.  I suggest you
do NOT attach the entire network to this box when you do this!  Once
it works, futz with the firewall.

Best

Cokey

-- 
------------------------------------------------------------------
Cokey de Percin, DBA            Email:
Mynd Corp. (Soon to be CSC)      Work - [EMAIL PROTECTED]
Columbia, South Carolina         Home - [EMAIL PROTECTED]
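
Added example, not part of the original message: one way to do the .config check suggested above, telling apart a source tree that knows the option but has it switched off from one that never mentions it. The symbol names CONFIG_IP_MASQUERADE_IPSEC and CONFIG_IP_MASQUERADE_PPTP are assumptions (they do not appear in the thread), and the sample config is constructed.

```sh
# Classify a symbol in a kernel .config file.
# Prints one of: builtin, module, disabled, absent, unreadable.
#   disabled = the source knows the option but it is switched off
#   absent   = the option is never mentioned (patch likely not in this tree,
#              or the .config was generated before the patch was applied)
masq_symbol_state() {
    cfg=$1   # path to the .config to inspect
    sym=$2   # symbol name, e.g. CONFIG_IP_MASQUERADE_IPSEC (assumed name)
    if [ ! -r "$cfg" ]; then
        echo "unreadable"
        return 0
    fi
    # Enabled symbols are recorded as SYMBOL=y or SYMBOL=m; last entry wins.
    val=$(sed -n "s/^${sym}=\(.*\)\$/\1/p" "$cfg" | tail -n 1)
    case "$val" in
        y) echo "builtin"; return 0 ;;
        m) echo "module";  return 0 ;;
    esac
    # Options the source offers but that are off are kept as a comment line.
    if grep -q "^# ${sym} is not set" "$cfg"; then
        echo "disabled"
    else
        echo "absent"
    fi
}

# Constructed sample .config fragment (not taken from a real Red Hat kernel).
sample_config() {
    cat <<'EOF'
CONFIG_FIREWALL=y
CONFIG_IP_MASQUERADE=y
CONFIG_IP_MASQUERADE_ICMP=y
# CONFIG_IP_MASQUERADE_IPSEC is not set
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
for s in CONFIG_IP_MASQUERADE CONFIG_IP_MASQUERADE_IPSEC CONFIG_IP_MASQUERADE_PPTP; do
    printf '%s: %s\n' "$s" "$(masq_symbol_state "$tmp" "$s")"
done
rm -f "$tmp"
```

Point the function at the .config in the kernel source tree you actually built from; a "disabled" result matches the "included in the source, but not enabled" case described in the message.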



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
