Charles Stack on Mon, 31 Jan 2000 11:01:04 -0500 (EST)
Kyle, have you had any luck?

I was reading through the VPN How-To again last night and I'm confused. On one hand, it says you have to apply the patches to pass GRE and ISAKMP packets. Then, if you follow the links, it tells you that the stock 2.2 kernel can pass those packets. You only need to make the mods if your server is going to vpn masq the clients...not if the clients are running something like CheckPoint's SecureRemote.

But, it gets better. Reading the links, they also tell you that they have had no success with Checkpoint's FWZ protocol.

So...what is one to do? Is it all really necessary to go through the hassles of patching the 2.2 kernel?

cjs

-----Original Message-----
From: plug-admin@lists.nothinbut.net [mailto:plug-admin@lists.nothinbut.net] On Behalf Of Kyle Burton
Sent: Friday, January 28, 2000 11:34 AM
To: PLUG - Philadelphia Area Linux Users Group
Subject: [PLUG] request for help in testing something...

First, I've heard that the 2.2 series of kernels breaks the methodology used to create VPNs based on the VPN mini howto. The reason that 2.2 breaks the methodology, afaik, is that it breaks the pty-redir utility. The reason this happens, afaik, is because pty-redir looks for the controlling pty by stepping through all of the ptys in the /dev directory looking for the first one that it finds that is both readable and writable by the uid of the process running pty-redir. Again, afaik, this breaks on 2.2 because of the unix98 ptys -- they're in /dev/pts, and named differently (eg: /dev/pts/1) instead of /dev/pty??.

So, I looked at the sources for pty-redir and tried to get it to work for the 2.2 kernel. One major change I made was to use ttyname(3) instead of trying to find the name by searching the file system -- so this should deterministically get the pty name -- and, in theory, it should work for 2.2 and 2.0 series kernels, as we're not searching for the file name, we're asking for the name.

Anyway, my problem is I can't really test the rest of the equation -- I don't have 2 boxes where I can try setting up a VPN between. My question to those of you on the list is: would anyone on the list be willing to help me test this version of pty-redir2 to see if it can be used under either kernel version to create a VPN based on the instructions in the VPN howto.

The 'new' version can be obtained from:

http://www.bgw.org/projects/pty-redir2/

If you do wish to try it, please download the pty-redir2-20000128.tar.gz; the pty-redir2.tar.gz was the first version and tried to follow the original pty-redir's methodology for finding the controlling pty, which could have led to problems (I think), so it's probably best not to use it.

Thanks for your time,

Kyle

------------------------------------------------------------------------------
Live fast, die young, and leave a good looking corpse. -- James Dean
mortis@voicenet.com http://www.voicenet.com/~mortis
------------------------------------------------------------------------------

______________________________________________________________________
Philadelphia Linux Users Group - http://plug.nothinbut.net
Announcements - http://lists.nothinbut.net/mail/listinfo/plug-announce
General Discussion - http://lists.nothinbut.net/mail/listinfo/plug
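
The lookup described in the quoted message, asking for the pty name with ttyname(3) instead of taking the first readable and writable entry found under /dev, as an added example that is not part of the thread and is not pty-redir2's code. The helper names are hypothetical, the device comparison is an extra check added here, and the demo pty is opened the Linux-specific way through /dev/ptmx.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: ask ttyname(3) for fd's terminal name, then confirm
 * the name is the same device. Returns 0 or an errno value (ENOTTY: no tty). */
int fd_tty_name(int fd, char *buf, size_t len)
{
    struct stat by_fd, by_name;
    const char *name;
    if ((name = ttyname(fd)) == NULL)
        return errno;
    if (fstat(fd, &by_fd) != 0 || stat(name, &by_name) != 0)
        return errno;
    if (!S_ISCHR(by_name.st_mode) || by_fd.st_rdev != by_name.st_rdev)
        return ENODEV;          /* the name is not this fd's device */
    if ((size_t)snprintf(buf, len, "%s", name) >= len)
        return ERANGE;          /* caller's buffer is too small */
    return 0;
}

/* Demo only: open a Unix98 pty; returns the slave fd (master in *master) or -1. */
int open_pty_slave(int *master)
{
    char path[32];
    unsigned int n;
    int unlock = 0, slave = -1;
    if ((*master = open("/dev/ptmx", O_RDWR | O_NOCTTY)) < 0)
        return -1;
    if (ioctl(*master, TIOCSPTLCK, &unlock) == 0 &&
        ioctl(*master, TIOCGPTN, &n) == 0) {
        snprintf(path, sizeof path, "/dev/pts/%u", n);
        slave = open(path, O_RDWR | O_NOCTTY);
    }
    if (slave < 0)
        close(*master);
    return slave;
}

int main(void)
{
    char name[64];
    int master, slave = open_pty_slave(&master);
    if (slave >= 0 && fd_tty_name(slave, name, sizeof name) == 0)
        puts(name);             /* the slave's name as ttyname(3) reports it */
    return 0;
}
```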