From: Devenport, Jimmy (jimmy.devenport_at_hp.com)
Date: Sat Feb 08 2003 - 09:37:45 CST

    I ran into this same problem using OpenBSD as a firewall also... Don't
    know why it is so difficult for everyone to behave nicely together. I
    love Linux/Unix because of the security, reliability, and the "geek" in
    me says it's cool. But I have to face reality - the majority of the
    computers out there on the desktop are using Windows. My corporate
    network uses a Microsoft VPN (not SSH, or anything else that they could
    have used), and I have DSL at home.

    So I created a firewall using floppyfw (http://www.zelow.no/floppyfw/) -
    it works great, easy to set up my DSL connection, NAT, port forwarding
    was a piece of cake. There on that site they specifically tell you what
    you need for a MS VPN connection, so just add that to your firewall
    rules, reboot. Piece of cake! So now I can very easily connect from my
    internal protected network thru the firewall to our corporate VPN. No
    problems at all.

    If you have questions about floppyfw and my setup or firewall rules,
    e-mail me personally.

    My floppyfw runs on an old Pentium 133, 24M memory, no hard drive
    required (I don't care for logging currently - I have other things to do
    than to watch my logs) - but supposedly you can send syslog to another
    box inside your firewall also.

    -----Original Message-----
    From: Rainer Hofmeister [mailto:rhwebkom.net]
    Sent: Thursday, February 06, 2003 7:19 AM
    To: suse-securitysuse.com
    Subject: [suse-security] MS VPN over SuSefirewall2 (7.3)

    Hi,

    I'm trying to build a VPN tunnel from an internal Win2K machine to a
    server on the Internet (also MS). We are using a SuSEfirewall2 (SuSE
    7.3) to protect our internal LAN. The internal LAN is masqueraded.

    Is there a way to configure the firewall to allow VPN connections from
    the Win2K machine?

    I opened the following ports in FW_MASQ_NETS:

    10.0.0.0/24,0/0,tcp,1723
    10.0.0.0/24,0/0,udp,1723
    10.0.0.0/24,0/0,tcp,47
    10.0.0.0/24,0/0,udp,47
    10.0.0.0/24,0/0,udp,500

    This didn't work. I read somewhere that the communication over port 47
    is not tcp or udp but gre. Since I can't set that in SuSEfirewall2 I
    tried to open up the complete network by using:

    10.0.0.0/8

    This didn't help, either. Connecting the Win2K machine directly to the
    ISDN router works so there seems to be no problem with its
    configuration.

    Is it possible to configure VPN over SuSEfirewall2 at all? If yes, what
    am I doing wrong?

    Best regards,
    Rainer

    -- 
    Check the headers for your unsubscription address
    For additional commands, e-mail: suse-security-helpsuse.com
    Security-related bug reports go to securitysuse.de, not here
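
An added example, not part of the original messages or of SuSEfirewall2: a small Python lint of the FW_MASQ_NETS entries quoted in the question, separating TCP/UDP ports from IP protocol numbers. It assumes the VPN is PPTP (control on tcp/1723, data over GRE, IP protocol 47) and the `source,destination,protocol,port` layout as posted; `parse_entry` and `lint_pptp` are hypothetical helper names.

```python
# Added example (not from the thread): lint FW_MASQ_NETS-style entries for PPTP.
# Assumed entry layout, taken from the post: source,destination,protocol,port

GRE_IP_PROTOCOL = 47      # IANA IP protocol number for GRE (not a port)
PPTP_CONTROL_PORT = 1723  # PPTP control channel, TCP only
IKE_PORT = 500            # IKE/ISAKMP over UDP, used by IPsec rather than PPTP


def parse_entry(line):
    """Return a dict for one entry; a bare network has no proto/port keys."""
    fields = [f.strip() for f in line.split(",")]
    return dict(zip(("source", "dest", "proto", "port"), fields))


def lint_pptp(entries):
    """Return (entry, finding) pairs, plus a check that tcp/1723 is covered."""
    findings, has_control = [], False
    for raw in entries:
        e = parse_entry(raw)
        proto = e.get("proto", "").lower()
        port = int(e["port"]) if e.get("port", "").isdigit() else None
        if not proto:
            # Assumption from the post: a bare network opens everything for it.
            findings.append((raw, "no protocol/port restriction on this network"))
            has_control = True
        elif proto in ("tcp", "udp") and port == GRE_IP_PROTOCOL:
            findings.append((raw, "47 is GRE's IP protocol number, not a %s port" % proto))
        elif proto == "udp" and port == PPTP_CONTROL_PORT:
            findings.append((raw, "PPTP control uses tcp/1723; udp/1723 is unused"))
        elif proto == "udp" and port == IKE_PORT:
            findings.append((raw, "udp/500 is IKE (IPsec), not part of PPTP"))
        elif proto == "tcp" and port == PPTP_CONTROL_PORT:
            has_control = True
    if not has_control:
        findings.append(("(none)", "no tcp/1723 entry for the PPTP control channel"))
    return findings


# Entries as listed in the original question.
POSTED = [
    "10.0.0.0/24,0/0,tcp,1723",
    "10.0.0.0/24,0/0,udp,1723",
    "10.0.0.0/24,0/0,tcp,47",
    "10.0.0.0/24,0/0,udp,47",
    "10.0.0.0/24,0/0,udp,500",
]

if __name__ == "__main__":
    for entry, finding in lint_pptp(POSTED):
        print("%-28s %s" % (entry, finding))
```

Only the tcp/1723 entry passes without a finding; the GRE data channel is an IP protocol and has no tcp or udp port that an entry of this shape could name.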
    