
VPN with Linux

Status
Not open for further replies.

Guest_imported

New member
Jan 1, 1970
0
Hi,
I set up a FreeSwan VPN on my Suse 7.2 server, but I am unable to connect from a Win2k box to this VPN. Has anyone done this? I am curious if this can be done and how...
Thanks
Sorin
 
Hi there, I have posted quite a few related questions to what I am about to ask, I am hoping that the Linux experts out there have the answers I need!

Basically, I am configuring our network (Win2000 native domain) for a permanent registered IP.

The idea is, we have a gateway proxy/firewall machine and we route VPN through it into the Win2k server.

The VPN connections also come in from fixed IPs.

After hearing many good things about Linux's firewalling and stability, I decided to give it a shot (and I may well bloody shoot it too) This is where I am now.

Theory is fine, practice is harder. I am lost here. I try to use the iptables command, and it tells me that insmod can't insmod the ip_tables.o (using Red Hat 7.1, kernel 2.4.2-2),
something like Init_module: device or resource busy

Anyway, I've been told that I may need to recompile the kernel. I know what this means, but I haven't got a clue how to. I've read the oh-so-easy HowTos but I am still without a clue.

(They tell you step by step easy enough but I don't know what I need in the first place and they assume you have all the bits you need - maybe I do but I don't know what or where they are, the 'source code', for example)

Secondly, so that I can tweak and test it to perfection (once I have it running even) I want to set it up on a test rig.
The Linux box has 2 NICs, eth1 & eth0; one is connected to the network, 192.168.0.0, and the other is connected to a Win2000 Pro machine, 192.168.4.0. The Linux box can ping anything on the network so I know the NIC config and hardware are OK.

So far (3 days) I have been using KDE's Network Config panel to try and configure routing, (making sure that the firewall's default policies are ACCEPT of course)
and so far I have had no joy.

Please, if anybody has a clue what to do, where to go, what to recompile, please let me know. I am getting bored of reading cryptic error messages and I want a result or two to brighten up my day.

PS If anyone points me to any help pages, please point me to ones with examples. I thrive on examples which is why I hate MAN pages more than any other form of help on this world ;)


Thanks to anybody who can help me :)

for pint$ = 1 to 20
for pint$ = pint$ + 1
if pint$ = 20 goto HOME
next pint$
 
Hi,
Thanks ifincham for your reply. I am reading now the documentation and hopefully I'll get it done.
Tels - compiling the Linux kernel is no big deal...
Steps:
1) make sure that the whole development environment is installed (egcs RPMs, asm86, etc)
2) perform a:
make menuconfig
from the /usr/src/linux (sym link to your kernel tree)
3) Select your options carefully - do not install the things you don't need, read the help. Do not install modules if you really do not have to.
4) If you have installed modules do:
make modules
make modules_install
5) make
6) make install
7) make sure that the new image is in the /boot dir. Modify /etc/lilo.conf (add a new image using the existing images as a model - do not set it default unless you test it)
8) Run lilo to update the changes in lilo.conf
end) make clean (if you want to clean the compiled stuff)
I will recommend the book Securing and Optimizing Linux from

it contains many answers for your problems.
Sorin
 
Blinding. I'll go look at that ASAP. - looks very relevant.
I'll let you know how I get on.
Thanks buddy

Tels

for pint$ = 1 to 20
for pint$ = pint$ + 1
if pint$ = 20 goto HOME
next pint$
 
Tels:

insmod can't insmod the ip_tables.o

This is because even though RH7.1 can run an IPTables based firewall, it is configured by default to use IPChains, and these cannot run at the same time. First try:

Code:
rmmod ipchains

Also remember to set the default firewall settings to NONE, otherwise it will start an IPChains firewall again on a restart...

Then try playing around with IPTables and this should work.

The Linux box has 2 NIC's, eth1 & eth0, one is connected to the network, 192.168.0.0 and the other is connected to a win2000 pro machine, 192.168.4.0 - The linux box can ping anything on the network so I know the NIC config and hardware are OK.

I assume that you have 2 nets plugged into the linux box and are trying to route traffic from net 1 to net 2. Make sure that you have ip forwarding turned on... try the following line:

Code:
echo 1 > /proc/sys/net/ipv4/ip_forward

Hope this has been some help.

AV
tnedor@yahoo.com

 
Well, you were right, I was lucky. I installed StarOffice, and ran the config program in the StarOffice dir, which allowed me to switch off ip_chains and set the firewall policy to off. I have since been able to get ip_tables up n running.

However, I type the line you told me (for ip_forward) and I get the same prompt, no error message or anything else for that matter. Maybe it works, maybe not?

I'll go try it now.
Cheers
Tels :cool:
for pint$ = 1 to 20
for pint$ = pint$ + 1
if pint$ = 20 goto HOME
next pint$
 
It should not give you a message. All it is doing is entering a "1" into the file /proc/sys/net/ipv4/ip_forward which should tell your machine that you wish it to forward packets.

If this is a RedHat box, you could get the same effect by making sure that
Code:
FORWARD_IPV4=true
appears in the /etc/sysconfig/network file.

Let us know how you go with this.

AV
tnedor@yahoo.com
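
A read-only way to settle the "maybe it works, maybe not?" question from the thread, as an added example that is not part of any poster's reply: it reports whether forwarding is on now, whether it will survive a reboot, and whether ipchains or ip_tables is the loaded filter module. The function names are made up for this example; the paths, the FORWARD_IPV4=true setting and the module names are the ones quoted in the thread, and the module list is assumed to carry the module name in the first field of each line.

```shell
# Added example: read-only checks. Each function takes the file to inspect as
# an argument so it can be pointed at sample files; defaults are the real paths.

# Prints "on", "off" or "unknown" for the running kernel's forwarding switch.
forwarding_state() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(tr -d '[:space:]' < "$f")" in
        1) echo on ;;
        0) echo off ;;
        *) echo unknown ;;
    esac
}

# Prints "yes" if an uncommented FORWARD_IPV4=true line is present, else "no".
forwarding_persistent() {
    f=${1:-/etc/sysconfig/network}
    if [ -r "$f" ] && grep -Eq '^[[:space:]]*FORWARD_IPV4="?true"?[[:space:]]*$' "$f"
    then echo yes; else echo no; fi
}

# Prints which packet-filter module is loaded: ipchains, ip_tables, both, none.
firewall_modules() {
    f=${1:-/proc/modules}
    chains=0; tables=0
    [ -r "$f" ] || { echo unknown; return 0; }
    while read -r name rest; do
        case "$name" in
            ipchains) chains=1 ;;
            ip_tables) tables=1 ;;
        esac
    done < "$f"
    if [ "$chains$tables" = 11 ]; then echo both
    elif [ "$chains" = 1 ]; then echo ipchains
    elif [ "$tables" = 1 ]; then echo ip_tables
    else echo none; fi
}

# One-line summary; succeeds only when the box is set up as the thread intends.
gateway_report() {
    fwd=$(forwarding_state "${1:-}")
    keep=$(forwarding_persistent "${2:-}")
    mods=$(firewall_modules "${3:-}")
    echo "forwarding now: $fwd; kept after reboot: $keep; filter module: $mods"
    [ "$fwd" = on ] && [ "$keep" = yes ] && [ "$mods" = ip_tables ]
}

gateway_report || echo "not yet in the state the thread is aiming for"
```

A result of "on" with "kept after reboot: no" means the echo into /proc took effect but will be lost at the next restart.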
