Charles Stack on Fri, 28 Jan 2000 13:26:58 -0500 (EST)



RE: [PLUG] request for help in testing something...


Hi Kyle,

Sounds a lot like what I am trying to do.  We're trying to get CheckPoint's
SecureClient to work on our network.  We use IP Masq to provide internet
connectivity.  Unfortunately, it seems the standard 2.2 kernel with IP Masq
can't handle protocols 47 and 94 (GRE and ISAKMP).  I read through the VPN
how-to last night and thought it would work with the 2.2 kernels. It
doesn't?

You think your modifications work with the 2.2 kernel?  If so, I'll try to
download and install them.  Then, I'll work through the VPN How-To. If there
is no problem, I'll be willing to work with you.

Chuck

P.S. Folks -- Sorry about the errant post by DH@Cody.  I forwarded a message
to him and, for some reason, his reply was sent to this list.


-----Original Message-----
From: plug-admin@lists.nothinbut.net
[mailto:plug-admin@lists.nothinbut.net]On Behalf Of Kyle Burton
Sent: Friday, January 28, 2000 11:34 AM
To: PLUG - Philadelphia Area Linux Users Group
Subject: [PLUG] request for help in testing something...


First, I've heard that the 2.2 series of kernels breaks the methodology
used to create VPNs based on the VPN mini howto.  The reason that 2.2
breaks the methodology, afaik, is that it breaks the pty-redir utility.
The reason this happens, afaik, is because pty-redir looks for the
controlling pty by stepping through all of the ptys in the /dev directory
looking for the first one that it finds that is both readable and writable
by the uid of the process running pty-redir.  Again, afaik, this breaks on
2.2 because of the unix98 ptys -- they're in /dev/pts, and named differently
(eg: /dev/pts/1) instead of /dev/pty??.  So, I looked at the sources for
pty-redir and tried to get it to work for the 2.2 kernel.

One major change I made was to use ttyname(3) instead of trying to find
the name by searching the file system -- so this should deterministically
get the pty name -- and, in theory, it should work for 2.2 and 2.0 series
kernels, as we're not searching for the file name, we're asking for the
name.

Anyway, my problem is I can't really test the rest of the equation -- I
don't have 2 boxes where I can try setting up a VPN between.

My question to those of you on the list is:  would anyone on the list be
willing to help me test this version of pty-redir2 to see if it
can be used under either kernel version to create a VPN based on the
instructions in the VPN howto.  The 'new' version can be obtained from:

http://www.bgw.org/projects/pty-redir2/

If you do wish to try it, please download the pty-redir2-20000128.tar.gz,
the pty-redir2.tar.gz was the first version and tried to follow the original
pty-redir's methodology for finding the controlling pty, which could have
led to problems (I think), so it's probably best not to use it.

Thanks for your time,
Kyle


------------------------------------------------------------------------------
Live fast, die young, and leave a good looking corpse.
    -- James Dean
mortis@voicenet.com
http://www.voicenet.com/~mortis
------------------------------------------------------------------------------


______________________________________________________________________
Philadelphia Linux Users Group       -       http://plug.nothinbut.net
Announcements - http://lists.nothinbut.net/mail/listinfo/plug-announce
General Discussion   -   http://lists.nothinbut.net/mail/listinfo/plug
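
Added example, not code from pty-redir2 or from either poster: a C program showing the approach Kyle describes, asking for the terminal's name with ttyname(3) on an open descriptor instead of scanning /dev for the first readable and writable pty, and then confirming that the returned path is the same device as the descriptor. The helper names `open_pty_pair` and `tty_name_checked`, and the use of the Linux `/dev/ptmx` ioctls to obtain a pty to test with, are assumptions made for this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Allocate a Unix98 pty via /dev/ptmx (Linux-specific ioctls) and open its
 * slave side, so the example has a terminal descriptor to ask about. */
int open_pty_pair(int *master_fd, int *slave_fd)
{
    int unlock = 0, m, s;
    unsigned int n;
    char path[32];

    if ((m = open("/dev/ptmx", O_RDWR | O_NOCTTY)) < 0) return -1;
    if (ioctl(m, TIOCSPTLCK, &unlock) < 0 || ioctl(m, TIOCGPTN, &n) < 0) {
        close(m); return -1;
    }
    snprintf(path, sizeof path, "/dev/pts/%u", n);
    if ((s = open(path, O_RDWR | O_NOCTTY)) < 0) { close(m); return -1; }
    *master_fd = m; *slave_fd = s;
    return 0;
}

/* Ask for the name of the terminal behind fd (no directory scan), then check
 * that the path is a character device with the same device number as fd, so
 * a stale or look-alike node is rejected. Returns 0 and fills name, or -1. */
int tty_name_checked(int fd, char *name, size_t len)
{
    struct stat by_fd, by_path;
    const char *n = isatty(fd) ? ttyname(fd) : NULL;

    if (n == NULL || strlen(n) >= len) return -1;
    strcpy(name, n);
    if (fstat(fd, &by_fd) < 0 || stat(name, &by_path) < 0) return -1;
    if (!S_ISCHR(by_path.st_mode) || by_fd.st_rdev != by_path.st_rdev) return -1;
    return 0;
}

int main(void)
{
    int m, s; char name[64];
    if (open_pty_pair(&m, &s) != 0 || tty_name_checked(s, name, sizeof name) != 0) {
        perror("pty"); return 1;
    }
    printf("slave pty is %s\n", name);
    close(s); close(m);
    return 0;
}
```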