List: ipfilter
Subject: Getting Nortel Intranet client going with Ipnat on FreeBSD 4.4-PRERELEASE
From: "Dan Makovec" <dan () fatcanary ! com ! au>
Date: 2001-10-30 13:17:25
Hi all,
As the subject suggests, I'm running a FreeBSD 4.4-PRERELEASE as a firewall at home on a permanent line with one real IP address, and a Windows box sitting on my network under a 192.168 address.
I would like to use Nortel Extranet Access Client to connect to my office, and obviously in order to do this need NAT to handle the ESP and associated protocols for such a VPN client.
With older versions of IPF, the Nortel client sent a packet out to the vpn server, but no packets ever came back, which leads me to believe that the source IP header information embedded in the outgoing packets was not being converted correctly, and that the server was attempting to contact some mythical 192.168 machine.
I understood that ipf 3.4.21 has an ipsec proxy in it that is supposed to aid in achieving connectivity over NAT, but I have not been able to compile and install this update (formerly using 3.4.20) on my FreeBSD box, using the instructions in the FreeBSD-4.0 directory.
Firstly, the kinstall script complains about the lack of an ipv6 patch for 4.4, which I get around simply by symlinking the 4.1 patch to 4.4 - this causes one patch chunk to fail but everything else seems to go through ok.
Secondly, once kinstall does complete, I get the following error while attempting a kernel build:
In file included from ../../contrib/ipfilter/netinet/ip_proxy.c:93:
../../contrib/ipfilter/netinet/ip_ipsec_pxy.c: In function `ippr_ipsec_new':
../../contrib/ipfilter/netinet/ip_ipsec_pxy.c:40: `ipsec_pxy_t' undeclared (first use in this function)
../../contrib/ipfilter/netinet/ip_ipsec_pxy.c:40: (Each undeclared identifier is reported only once
../../contrib/ipfilter/netinet/ip_ipsec_pxy.c:40: for each function it appears in.)
../../contrib/ipfilter/netinet/ip_ipsec_pxy.c:40: `ipsec' undeclared (first use in this function)
../../contrib/ipfilter/netinet/ip_ipsec_pxy.c:40: warning: statement with no effect
../../contrib/ipfilter/netinet/ip_ipsec_pxy.c:41: syntax error before `fi'
../../contrib/ipfilter/netinet/ip_ipsec_pxy.c:54: syntax error before `)'
../../contrib/ipfilter/netinet/ip_ipsec_pxy.c:66: `ipn' undeclared (first use in this function)
../../contrib/ipfilter/netinet/ip_ipsec_pxy.c:83: `fi' undeclared (first use in this function)
../../contrib/ipfilter/netinet/ip_ipsec_pxy.c:86: `p' undeclared (first use in this function)
../../contrib/ipfilter/netinet/ip_ipsec_pxy.c: In function `ippr_ipsec_out':
../../contrib/ipfilter/netinet/ip_ipsec_pxy.c:104: `ipsec_pxy_t' undeclared (first use in this function)
../../contrib/ipfilter/netinet/ip_ipsec_pxy.c:104: `ipsec' undeclared (first use in this function)
../../contrib/ipfilter/netinet/ip_ipsec_pxy.c:104: warning: statement with no effect
../../contrib/ipfilter/netinet/ip_proxy.c: At top level:
../../contrib/ipfilter/netinet/ip_proxy.c:181: warning: function declaration isn't a prototype
*** Error code 1
Can anybody tell me:
1. Is the ipsec proxy the solution I am looking for?
2. If so, how do I compile this on FreeBSD?
3. In what way do I need to set up my configuration files to get it working?
Thanks in advance for any help you may be able to give me!
Cheerio,
d
--
Dan Makovec
Fat Canary Software
Mail - dan@fatcanary.com.au
Web - fatcanary.com.au/dan
NetMeeting - callto:dan.fatcanary.com.au
ICQ - 1308090