Hey guys,

Well, I have quite a complicated situation. I am setting up a connection to the internet using a VPN tunnel and RADIUS. Here is the network layout:

1. requesting user with Windows 98 VPN client
2. pass-through via multi-homed Windows 2000 Server running Remote Access Server and Routing VPN server, connected to the Windows 98 segment and the Linux masquerader segment
3. authenticated by RADIUS server located on the Windows 2000 Server and masquerader segment
4. masqueraded through a Linux box using IPChains and two network cards onto the public internet
5. connection to the Cisco router gateway and then redirected back to the Squid server, transparently

Now, here is how it works: a user on the Windows 98 box launches the MS VPN client, which is configured to connect to the Windows 2000 Server box. The Win2k box then uses its Remote Access and Routing server to send RADIUS Auth and Accounting packets to the RADIUS server on its second network interface. The authentication goes well, and the Windows 98 user is authenticated and connected, then assigned an IP on the Linux masquerader network, effectively using VPN to localise the user.

Now, when it comes to using the internet, the Windows 98 user can connect to all local web servers and other non-HTTP services anywhere. The problem comes when the user sends an HTTP request to a non-local domain, such as or the user can resolve the domain name and connect to the site, but can't download any content. The connection just sits there, hanging and waiting, and nothing happens.

We had a feeling it might have something to do with Squid, so we disabled the transparent redirect on the router, and voila, we were able to connect, albeit without Squid, which meant a little slower. When we re-enabled Squid, we got the same problem again.

Upon running a sniffer, we saw that the Windows 98 box makes several retransmissions and then becomes considered an unresponsive station.

Could anyone have any idea why this connection doesn't work with Squid enabled? Even with the Squid IPs defined in the browser, same problem. Does the IP change Squid does to the packet make the return packet null and void to the Windows 98 user?

All help will be appreciated. Thanks,

AKNIT
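An added example, not part of the post above and not from the poster's network: a small analyzer for the retransmission pattern the poster describes seeing in the sniffer. The trace below is constructed (hosts, sequence numbers and timings are made up, and the host addresses are from documentation ranges), so it runs offline. The heuristic it applies is the standard one for "connects but never downloads" across a tunnel: the handshake and the small HTTP request get through, but every full-size data segment from the server is retransmitted and never acknowledged. That signature points at a path-MTU black hole, which is a common failure when traffic enters a PPTP tunnel (GRE and PPP headers shrink the usable MTU) and some hop on the return path drops the oversized segments; whether that is actually the poster's fault is not something the post establishes.

```python
"""Added example (not from the original post): flag the retransmission
pattern of a path-MTU black hole in a simplified TCP trace.

Constructed data only: the hosts, sequence numbers and timestamps are
made up, not real sniffer output."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Segment:
    ts: float      # seconds since start of capture
    src: str
    dst: str
    seq: int       # sequence number of the first payload byte
    ack: int       # acknowledgement number (0 when the ACK flag is clear)
    length: int    # payload bytes (0 for pure control segments)
    flags: str     # subset of "SAFPR"


CLIENT = "10.0.1.5"       # constructed: VPN user's address on the masquerade segment
SERVER = "203.0.113.10"   # constructed: remote web server (TEST-NET-3 range)

# Constructed trace reproducing "connects, but never downloads": the 1460-byte
# segments from the server are re-sent with growing backoff and never ACKed.
HANGING_TRACE: List[Segment] = [
    Segment(0.000, CLIENT, SERVER, 1000, 0,    0,    "S"),
    Segment(0.020, SERVER, CLIENT, 5000, 1001, 0,    "SA"),
    Segment(0.021, CLIENT, SERVER, 1001, 5001, 0,    "A"),
    Segment(0.022, CLIENT, SERVER, 1001, 5001, 120,  "PA"),  # GET request
    Segment(0.040, SERVER, CLIENT, 5001, 1121, 0,    "A"),   # request ACKed
    Segment(0.045, SERVER, CLIENT, 5001, 1121, 1460, "A"),   # first full-size data
    Segment(0.046, SERVER, CLIENT, 6461, 1121, 1460, "A"),
    Segment(0.300, SERVER, CLIENT, 5001, 1121, 1460, "A"),   # retransmit
    Segment(0.900, SERVER, CLIENT, 5001, 1121, 1460, "A"),   # retransmit
    Segment(2.100, SERVER, CLIENT, 5001, 1121, 1460, "A"),   # retransmit
    Segment(4.500, SERVER, CLIENT, 5001, 1121, 1460, "A"),   # retransmit
]

# Constructed control trace: small segments, everything acknowledged.
HEALTHY_TRACE: List[Segment] = [
    Segment(0.000, CLIENT, SERVER, 1000, 0,    0,   "S"),
    Segment(0.020, SERVER, CLIENT, 5000, 1001, 0,   "SA"),
    Segment(0.021, CLIENT, SERVER, 1001, 5001, 0,   "A"),
    Segment(0.022, CLIENT, SERVER, 1001, 5001, 120, "PA"),
    Segment(0.045, SERVER, CLIENT, 5001, 1121, 500, "PA"),
    Segment(0.046, CLIENT, SERVER, 1121, 5501, 0,   "A"),
    Segment(0.050, SERVER, CLIENT, 5501, 1121, 300, "PA"),
    Segment(0.051, CLIENT, SERVER, 1121, 5801, 0,   "A"),
]


def retransmissions(trace: List[Segment]) -> Dict[Tuple[str, str, int], int]:
    """Data segments seen more than once for the same (src, dst, seq)."""
    counts = Counter((s.src, s.dst, s.seq) for s in trace if s.length > 0)
    return {key: n for key, n in counts.items() if n > 1}


def highest_ack(trace: List[Segment], sender: str, receiver: str) -> int:
    """Highest ACK number the receiver has sent back to the sender (0 if none)."""
    return max((s.ack for s in trace
                if s.src == receiver and s.dst == sender and "A" in s.flags), default=0)


def split_by_ack(trace: List[Segment], sender: str, receiver: str):
    """Partition the sender's data segments into (acknowledged, unacknowledged)."""
    limit = highest_ack(trace, sender, receiver)
    data = [s for s in trace if s.src == sender and s.dst == receiver and s.length > 0]
    acked = [s for s in data if s.seq + s.length <= limit]
    unacked = [s for s in data if s.seq + s.length > limit]
    return acked, unacked


def diagnose(trace: List[Segment], client: str, server: str) -> dict:
    """Classify the flow: healthy, generic loss, or size-dependent loss (MTU black hole)."""
    retx = retransmissions(trace)
    c_acked, _ = split_by_ack(trace, client, server)
    s_acked, s_unacked = split_by_ack(trace, server, client)
    delivered = max((s.length for s in c_acked + s_acked), default=0)   # largest payload that got through
    lost_min = min((s.length for s in s_unacked), default=0)            # smallest payload that did not
    if retx and s_unacked and lost_min > delivered:
        verdict = "mtu_blackhole_suspected"   # only segments larger than anything delivered are stuck
    elif retx:
        verdict = "retransmissions_without_size_pattern"
    else:
        verdict = "healthy"
    return {"retransmitted": retx, "largest_delivered": delivered,
            "smallest_unacked": lost_min, "unacked_count": len(s_unacked), "verdict": verdict}


if __name__ == "__main__":
    for name, trace in (("hanging", HANGING_TRACE), ("healthy", HEALTHY_TRACE)):
        print(name, diagnose(trace, CLIENT, SERVER))
```

If a real capture produces the "mtu_blackhole_suspected" verdict, the usual confirmation is to send do-not-fragment pings of decreasing size from the VPN client through the tunnel (on Windows, `ping -f -l <size> <host>`) to find the largest size that survives, then either lower the VPN adapter's MTU to match or clamp the TCP MSS on the Linux box. Whether the proxy redirect or the tunnel is the hop that drops the large segments is exactly what the two-trace comparison (with and without the redirect) is meant to show.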