Re: [cobalt-users] Qube3 - Remote Access VPN

["H.P. Noordam" <mac@xxxxxxxx>]

Op 5-jan-04 om 22:01 heeft Malcolm McLeary het volgende geschreven:

> Hi Guys,
>
> Anyone had any success with Remote Access VPN AND the Basic Firewall?
>
> I have a Qube3 set up as firewall for a small network via the Basic
> Firewall
> capability.  Users on the inside are able to establish VPN connections
> to
> remote servers, but I'm not having any success establishing a VPN from
> the
> outside back in.
>
> To get access to remote VPN servers I had to manually add a rule to
> ipchains.conf to allow protocol 47 through but the only way to get a
> connection the other way is to disable the Basic Firewall.
>
> Port 1723 is open so I can establish a connection, but I can't get any
> traffic to flow ... this happens with protocol 47.
>
> Obviously ipchains is blocking the traffic, but I can't see why it is
> only
> happening one way.
>
> Anyone know what else I need to add to ipchains.conf to get this to
> work?
>
> I have had this working with the Adaptive Firewall, but I'd prefer to
> use
> just the Basic Firewall.
>
> Cheers,  Malcolm
>
> _____________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users

The basic firewall can not be configured to pass a protocol afaik, just
ports, which is quite something different. Passing protocol 47 wit the
basc firewall would basicaly mean mapping all udp and tcp ports
inbound, which comes down to disabling the firewall. Apart from that,
the vpn software in the qube is a realy realy realy realy ancient
version, which has many problems with things such as broadcasts over
the vpn network. There has been some discussion about the vpn software
on the sun qube forum.

B.