LinuxQuestions.org


agaatje 07-10-2001 04:02 AM

Q: Novell VPN client -> RedHat 7
 
Anyone got the Novell BorderManager VPN client 3.6 running in combination with a Linux firewall?

I replaced my old firewall/router with a ClarkConnect (RedHat 7) Linux box but cannot get my VPN client up and running.

I opened up the ports required for the VPN client: UDP/TCP 353. But no luck.

I also tried:
echo "1" > /proc/sys/net/ipv4/ip_forward

/sbin/ipchains -M -S 7200 10 240

/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ

Do I need to do more?
Thanks,

A.Gaatje

raz 07-10-2001 08:38 AM

Hi,

The problem in masquerading VPN traffic is that Linux 7.0's IP masquerade has no awareness of IP protocols other than TCP, UDP and ICMP.

IPsec over a VPN requires a change that adds support for the ISAKMP key exchange protocol.

You need to update to Redhat 7.1 or use the 7.0 ClarkConnect box as the VPN client without NAT from one of your Windows boxes.

/Raz
:)

raz 07-10-2001 08:41 AM

or try to patch it following this link:

http://www.impsec.org/linux/masquerade/ip_masq_vpn.html

I don't know Novell BorderManager VPN but I assume it used IPsec and not its own protocol, like Checkpoint's FWZ.

/Raz

agaatje 07-10-2001 10:49 AM

CC is RedHat kernel v. 2.2.17
 
Thanks for the info,

On this link

"RedHat has included the VPN patch in kernels 2.2.16-8"

My ClarkConnect has kernel 2.2.17-14 from Redhat.
Looks like the patches are in place.

Arie


All times are GMT -5.