03-08-2005, 09:08 PM
|
#1
|
LQ Newbie
Registered: Mar 2005
Posts: 4
Rep:
|
Light at the end of the tunnel
Well, I installed Linux about two years ago, flattened my Windows 2000 box and just started over with RH 8. Fast-forward to the present and I am running Fedora. As a professional programmer I am comfortable working with the shell, plus I had quite a bit of Unix experience while at University. I have managed to find all the development tools that I need to work comfortably on my Linux box.
I only have one complaint: I need to connect to my Windows machine (ideally through remote desktop) at work. Of course to do this I need a VPN connection to our WatchGuard firewall. Yes, yes I know that PPTP is potentially useful for this purpose. And yes I have already spent enough hours trying to get it to work to buy several Windows boxes. After several days spent playing with ifconfig, tcpdump, route, posting on forums and editing configuration files I am still not able to do something that would have literally taken me ten minutes to do using a Windows OS. If I was back at the point when I was 15 and poking around on bulletin boards and playing with 6502 assembler this challenge might be fun. Now however, I simply want to use the OS as a tool to accomplish bigger and better things.
I am at the point where I am seriously thinking about writing a VPN client for Linux, but I have a creeping and realistic sense that I will do no better than the guys at PPTP did (and they probably did a great job).
I really just wanted to rant, but I would appreciate any help using a Linux client to communicate with a MS VPN or Watchguard VPN server? And please, pretty please don't send me something that says, "check out PPTP dude".
I have already tried:
- PPTP (can connect, but cannot get traffic to route through tunnel, added routes..blah blah, tcpdump shows no traffic over ppp0 interface, ifconfig shows tunnel up but no packets coming in)
- VNC (too bad our firewall is seriously locked down, VNC server on my Windows box at work needs port 5900 open on the firewall - forget it)
|
|
|
03-08-2005, 09:23 PM
|
#2
|
Gentoo Developer
Registered: Feb 2004
Location: Fort Lauderdale FL.
Distribution: Gentoo
Posts: 3,291
Rep:
|
Last edited by comprookie2000; 03-08-2005 at 09:30 PM.
|
|
|
03-09-2005, 07:17 AM
|
#3
|
LQ Newbie
Registered: Mar 2005
Posts: 4
Original Poster
Rep:
|
OpenVPN uses its own protocol which will not be compatible with the WatchGuard PPTP protocol. The other one looks like it uses IPSec, which our VPN server is not using. Thanks for the suggestions .....
J
|
|
|
03-09-2005, 07:57 PM
|
#4
|
Member
Registered: May 2001
Posts: 149
Rep:
|
Just a long shot, did you try this:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
I knew of this (enabling IP forwarding in the Fedora build of 2.6.X), but failing to do it after a restart kicked me around for a few days and caused similar symptoms.
|
|
|
03-10-2005, 08:23 AM
|
#5
|
LQ Newbie
Registered: Mar 2005
Posts: 4
Original Poster
Rep:
|
Hmmm, is this something that you ran after the tunnel started? Are you using PPTP?
I will take a detailed look at that when I get home. Thanks for your suggestion.
J
|
|
|
03-10-2005, 05:41 PM
|
#6
|
Member
Registered: May 2001
Posts: 149
Rep:
|
It shouldn't matter if you do it before or after the tunnel starts. I initially used Poptop (PPTP), but had trouble with it so I switched to OpenVPN.
Oddly, they both exhibited the exact same behaviors - identical to the symptoms you are describing - if I'm reading them right.
That single command I posted above is essentially turning on Linux's version of Windows's old-school "Internet Connection Sharing". If you didn't have Internet connection sharing enabled on the one end (the gateway) - the packets will be simply dropped - and cause the behavior you are describing - IIRC.
EDIT: I may be misunderstanding which you are considering as the client. The ip forwarding should only be an issue on the "gateway" computer. But it may be a firewall issue, see my next post.
Last edited by sonnik; 03-10-2005 at 05:50 PM.
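An added example, not part of any post in this thread: because `echo 1 > /proc/sys/net/ipv4/ip_forward` is lost on reboot, and because forwarding turns the host into a router, it is worth checking both the runtime value and whether a sysctl configuration file persists it. The function names are hypothetical, and the script assumes the setting lives in `/etc/sysctl.conf` (some systems also read `/etc/sysctl.d/*.conf`).

```shell
#!/bin/sh
# Added example: report whether IPv4 forwarding is on now and whether it
# will still be on after a reboot. Paths are parameters so the logic can
# be exercised against constructed files as well as the real ones.

# Print the last value assigned to net.ipv4.ip_forward in a
# sysctl.conf-style file, or "unset" if no uncommented line sets it.
persisted_ip_forward() {
    conf=${1:-/etc/sysctl.conf}
    [ -r "$conf" ] || { echo unset; return 0; }
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$conf" | tail -n 1)
    echo "${val:-unset}"
}

# Print the runtime value from a /proc-style file, or "unknown".
runtime_ip_forward() {
    procfile=${1:-/proc/sys/net/ipv4/ip_forward}
    if [ -r "$procfile" ]; then
        tr -d '[:space:]' < "$procfile"
        echo
    else
        echo unknown
    fi
}

# Combine both readings into a single verdict.
forwarding_status() {
    run=$(runtime_ip_forward "$1")
    per=$(persisted_ip_forward "$2")
    case "$run:$per" in
        1:1) echo "on-persistent" ;;
        1:*) echo "on-until-reboot" ;;
        0:1) echo "off-now-on-after-reboot" ;;
        0:*) echo "off" ;;
        *)   echo "unknown" ;;
    esac
}

# Report for the local machine.
forwarding_status /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf
```

A result of `on-until-reboot` matches the situation described in post #4; `on-persistent` on a machine that is only meant to be a VPN client means it will route packets between interfaces when it does not need to.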
|
|
|
03-10-2005, 05:46 PM
|
#7
|
Member
Registered: May 2001
Posts: 149
Rep:
|
You know, I thought I read that you had ruled out the firewall on the Linux machine, but now I can't find it.
If you have iptables running, you might want to try these commands (adjusting the interface (eth0) as needed):
Code:
# $PRIVATE is the private subnet to masquerade, in CIDR form.
# The value below is a placeholder, not from the original post; set your own.
PRIVATE=192.168.1.0/24
# Keep state of connections from local machine and private subnets
iptables -A OUTPUT -m state --state NEW -o eth0 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state NEW -o eth0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Masquerade local subnet
iptables -t nat -A POSTROUTING -s $PRIVATE -o eth0 -j MASQUERADE
|
|
|