Re: [PLUG] vpn difficulties (PPTP)

mg on Sat, 4 Nov 2000 17:48:36 -0500 (EST)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] vpn difficulties (PPTP)

From: mg <mg@infinity.stf.org>

To: plug@lists.phillylinux.org

Subject: Re: [PLUG] vpn difficulties (PPTP)

Date: Sat, 4 Nov 2000 18:47:51 -0500 (EST)

Reply-to: plug@lists.phillylinux.org

Sender: plug-admin@lists.phillylinux.org

Just an update on my situation for anyone that's interested. Today I managed to get the vpn masquerading to work. The kernel 2.2.16-22 from redhat (and the one the one that ships with RH7) is *supposed* to already have the vpn masquerade patch applied. This is not exactly true. If you check out http://www.impsec.org/linux/masquerade/ip_masq_vpn.html you'll find a short blurb about a little patch for the aforementioned kernel that fixes a small problem. Apply that patch, recompile, and voila! VPN masquerading. Now, for any of you who might be doing this at some point I thought I'd share two pieces of misinformation contained in the VPN Masquerading-Howto that can really leave you scratching your head. Both of these things are found in section 3.4. First, when the author lists the 2.2.x kernel options that must be enabled, he incorrectly lists CONFIG_IP_ALWAYS_DEFRAG. That option existed in the 2.0.x series kernels but you WILL NOT find that in the 2.2.x series. Instead, the functionality that you would get by enabling that option is *automatically* included when you enable normal ip masquerading. So basically, when you dont see this in your kernel dont sweat it. Second (and this is the real pain in the but), the howto says that once you boot your new, patched kernel you should check /proc/ksyms or "ip_fw_masq_gre" and "ip_fw_demasq_gre". It goes on to say that if you dont see these two, then you probably dont have vpn (pptp) support in your kernel and that you should check to be sure that you've applied the correct patches. This is not true. My (working) vpn kernel/modules do NOT have these in /proc/ksyms. Maybe this was another thing that applies to 2.0.x kernels and not 2.2.x kernels. I dont know, I only patched 2.2. :) Maybe it does apply to some 2.2.x kernels but certainly not kernel 2.2.16-22 from Red Hat. Instead, you might look for the following: ip_masq_out_get_gre ip_masq_in_get_gre ip_masq_gre ip_demasq_gre Anyway, hope this will help someone out at some point. Thanks to everyone. mg ______________________________________________________________________ Philadelphia Linux Users Group - http://www.phillylinux.org Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce General Discussion - http://lists.phillylinux.org/mail/listinfo/plug

References:

Re: [PLUG] vpn difficulties (PPTP)
From: Bill Jonas <bill@billjonas.com>

Prev by Date: Re: [PLUG] two questions (printer and xfree86 4.0) ...

Next by Date: Re: [PLUG] two questions (printer and xfree86 4.0) ...

Previous by thread: Re: [PLUG] vpn difficulties (PPTP)

Next by thread: Re: [PLUG] vpn difficulties (PPTP)

Index(es):

Date

Thread