mg on Sat, 4 Nov 2000 17:48:36 -0500 (EST)



Re: [PLUG] vpn difficulties (PPTP)




Just an update on my situation for anyone that's interested. Today I
managed to get the vpn masquerading to work. The kernel 2.2.16-22 from
Red Hat (and the one that ships with RH7) is *supposed* to already
have the vpn masquerade patch applied. This is not exactly true. If you
check out http://www.impsec.org/linux/masquerade/ip_masq_vpn.html you'll
find a short blurb about a little patch for the aforementioned kernel that
fixes a small problem. Apply that patch, recompile, and voila! VPN
masquerading. 

Now, for any of you who might be doing this at some point I thought I'd
share two pieces of misinformation contained in the VPN
Masquerading-Howto that can really leave you scratching your head. Both of
these things are found in section 3.4. First, when the author lists the
2.2.x kernel options that must be enabled, he incorrectly lists
CONFIG_IP_ALWAYS_DEFRAG. That option existed in the 2.0.x series kernels
but you WILL NOT find that in the 2.2.x series. Instead, the functionality
that you would get by enabling that option is *automatically* included
when you enable normal ip masquerading. So basically, when you don't see
this in your kernel don't sweat it.

Second (and this is the real pain in the butt), the howto says that once
you boot your new, patched kernel you should check /proc/ksyms for
"ip_fw_masq_gre" and "ip_fw_demasq_gre". It goes on to say that if you
don't see these two, then you probably don't have vpn (pptp) support in your
kernel and that you should check to be sure that you've applied the
correct patches. This is not true. My (working) vpn kernel/modules do NOT
have these in /proc/ksyms. Maybe this was another thing that applies to
2.0.x kernels and not 2.2.x kernels. I don't know, I only patched 2.2. :)
Maybe it does apply to some 2.2.x kernels but certainly not kernel
2.2.16-22 from Red Hat. Instead, you might look for the following:

	ip_masq_out_get_gre
	ip_masq_in_get_gre
	ip_masq_gre
	ip_demasq_gre

Anyway, hope this will help someone out at some point. Thanks to everyone.

mg


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
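
Added example, not part of mg's message or the HOWTO: a shell check that reports which of the two sets of GRE masquerade symbol names from the post a ksyms-format listing contains. The `address symbol [module]` line layout, the optional `_R...` version suffix, the status strings, and the sample lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Names mg reports seeing on the working Red Hat 2.2.16-22 kernel.
NEW_SYMS="ip_masq_out_get_gre ip_masq_in_get_gre ip_masq_gre ip_demasq_gre"
# Names the VPN Masquerading HOWTO (section 3.4) says to look for.
HOWTO_SYMS="ip_fw_masq_gre ip_fw_demasq_gre"

# has_sym FILE NAME: succeed if NAME appears as an exact symbol name.
# Assumption: lines look like "address symbol [module]" and a symbol may
# carry a version suffix such as _R1b7d4074 or _Rsmp_1b7d4074.
has_sym() {
    awk -v s="$2" '
        { n = $2; sub(/_R(smp_)?[0-9a-fA-F]+$/, "", n) }
        n == s { found = 1 }
        END { exit !found }' "$1"
}

# count_syms FILE NAME...: print how many of the names are present.
count_syms() {
    f=$1; shift; c=0
    for s in "$@"; do
        if has_sym "$f" "$s"; then c=$((c + 1)); fi
    done
    echo "$c"
}

# gre_masq_status FILE: print one status word for the listing.
gre_masq_status() {
    new=$(count_syms "$1" $NEW_SYMS)
    old=$(count_syms "$1" $HOWTO_SYMS)
    if [ "$new" -eq 4 ]; then echo "gre-2.2-names"
    elif [ "$old" -eq 2 ]; then echo "gre-howto-names"
    elif [ $((new + old)) -gt 0 ]; then echo "gre-partial"
    else echo "gre-absent"
    fi
}

# Constructed sample listing (not real kernel output).
sample=$(mktemp)
cat > "$sample" <<'EOF'
c0145a10 ip_masq_gre_R3f2a9c01
c0145b40 ip_demasq_gre_R77c0de42
c0145c80 ip_masq_out_get_gre_R0badf00d
c0145d20 ip_masq_in_get_gre_R5eed1234
c0112233 printk_R1b7d4074
EOF
gre_masq_status "$sample"    # on the patched machine: gre_masq_status /proc/ksyms
rm -f "$sample"
```

A `gre-absent` result only says that neither set of names is exported; as the post shows, the names differ between kernels, so treat it as a prompt to recheck the patch rather than proof that it is missing.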