LinuxQuestions.org


jason_gram89 03-08-2005 09:08 PM

Light at the end of the tunnel
 
Well, I installed Linux about two years ago, flattened my Windows 2000 box and just started over with RH 8. Fast-forward to the present and I am running Fedora. As a professional programmer I am comfortable working with the shell, plus I had quite a bit of Unix experience while at University. I have managed to find all the development tools that I need to work comfortably on my Linux box.

I only have one complaint: I need to connect to my Windows machine (ideally through remote desktop) at work. Of course, to do this I need a VPN connection to our WatchGuard firewall. Yes, yes, I know that PPTP is potentially useful for this purpose. And yes, I have already spent enough hours trying to get it to work to buy several Windows boxes. After several days spent playing with ifconfig, tcpdump, route, posting on forums and editing configuration files, I am still not able to do something that would have literally taken me ten minutes to do using a Windows OS. If I was back at the point when I was 15 and poking around on bulletin boards and playing with 6502 assembler, this challenge might be fun. Now, however, I simply want to use the OS as a tool to accomplish bigger and better things.

I am at the point where I am seriously thinking about writing a VPN client for Linux, but I have a creeping and realistic sense that I will do no better than the guys at PPTP did (and they probably did a great job).

I really just wanted to rant, but I would appreciate any help using a Linux client to communicate with an MS VPN or WatchGuard VPN server. And please, pretty please don't send me something that says, "check out PPTP dude".

I have already tried:
-PPTP (can connect, but cannot get traffic to route through tunnel, added routes... blah blah, tcpdump shows no traffic over ppp0 interface, ifconfig shows tunnel up but no packets coming in)
-VNC (too bad our firewall is seriously locked down, VNC server on my Windows box at work needs port 5900 open on the firewall - forget it)

comprookie2000 03-08-2005 09:23 PM

Will this work;
http://www.cit.buffalo.edu/linux/vpn
or this;
http://openvpn.net/

jason_gram89 03-09-2005 07:17 AM

OpenVPN uses its own protocol, which will not be compatible with the WatchGuard PPTP protocol. The other one looks like it uses IPSec, which our VPN server is not using. Thanks for the suggestions...

J

sonnik 03-09-2005 07:57 PM

Just a long shot, did you try this:

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward

I knew of this (enabling IP forwarding in the Fedora build of 2.6.X), but failing to do it after a restart kicked me around for a few days and caused similar symptoms.
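
The "works until the next restart" problem described in the post above can be checked by comparing the runtime flag with the boot-time setting. This is an added example, not part of the original thread; it assumes persistence is configured in /etc/sysctl.conf only (files under /etc/sysctl.d are not read), and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: compare runtime IPv4 forwarding with what survives a reboot.
# PROC_FILE and SYSCTL_CONF are assumed names; override them to test on copies.
PROC_FILE="${PROC_FILE:-/proc/sys/net/ipv4/ip_forward}"
SYSCTL_CONF="${SYSCTL_CONF:-/etc/sysctl.conf}"

# Print the runtime value (0 or 1), or "unknown" if the file is unreadable.
runtime_forward() {
    if [ -r "$1" ]; then
        tr -d ' \t\n' < "$1"
    else
        printf 'unknown'
    fi
}

# Print the value the config file would apply at boot. The last assignment
# wins; comment lines (# or ;) are skipped. Prints "unset" if none is found.
persistent_forward() {
    [ -r "$1" ] || { printf 'unset'; return; }
    awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "net.ipv4.ip_forward") last = val
        }
        END { print (last == "" ? "unset" : last) }
    ' "$1" | tr -d '\n'
}

# Classify the combination of runtime and boot-time state.
forward_status() {
    run=$(runtime_forward "$1")
    boot=$(persistent_forward "$2")
    case "$run:$boot" in
        1:1) echo "on-persistent" ;;
        1:*) echo "on-until-reboot" ;;      # the case described in the post
        0:1) echo "off-now-on-at-boot" ;;
        0:*) echo "off" ;;
        *)   echo "unknown" ;;
    esac
}

forward_status "$PROC_FILE" "$SYSCTL_CONF"
```

A result of `off` is the expected state on a machine that is only a VPN client; forwarding matters on the gateway.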

jason_gram89 03-10-2005 08:23 AM

Hmmm, is this something that you ran after the tunnel started? Are you using PPTP?

I will take a detailed look at that when I get home. Thanks for your suggestion.

J

sonnik 03-10-2005 05:41 PM

It shouldn't matter if you do it before or after the tunnel starts. I initially used Poptop (PPTP), but had trouble with it so I switched to OpenVPN.

Oddly, they both exhibited the exact same behaviors - identical to the symptoms you are describing - if I'm reading them right.

That single command I posted above is essentially turning on Linux's version of Windows's old-school "Internet Connection Sharing". If you didn't have Internet connection sharing enabled on the one end (the gateway) - the packets will be simply dropped - and cause the behavior you are describing - IIRC.

EDIT: I may be misunderstanding which you are considering as the client. The ip forwarding should only be an issue on the "gateway" computer. But it may be a firewall issue, see my next post.

sonnik 03-10-2005 05:46 PM

You know, I thought I read that you had ruled out the firewall on the Linux machine, but now I can't find it.

If you have iptables running, you might want to try these commands (adjusting the interface (eth0) as needed):

Code:

# Keep state of connections from local machine and private subnets
iptables -A OUTPUT -m state --state NEW -o eth0 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state NEW -o eth0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Masquerade local subnet
iptables -t nat -A POSTROUTING -s $PRIVATE -o eth0 -j MASQUERADE

All times are GMT -5.