Re: [cobalt-users] Qube3 - Remote Access VPN
- Subject: Re: [cobalt-users] Qube3 - Remote Access VPN
- From: Malcolm McLeary <mmcleary@xxxxxxx>
- Date: Wed Jan 7 13:12:02 2004
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
on 8/1/04 5:51 AM, H.P. Noordam wrote:
> The basic firewall can not be configured to pass a protocol afaik, just
> ports, which is quite something different. Passing protocol 47 with the
> basic firewall would basically mean mapping all udp and tcp ports
> inbound, which comes down to disabling the firewall.
A rule can be added to the "manual" section of ipchains.conf to deal with
protocol 47.
# Protocol 47 (GRE) is required for PPTP
/sbin/ipchains -A input -p 47 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
It was not obvious to me, but you also need to accept ppp0 traffic. This
can be done via the Cobalt GUI, but a "manual" rule works just as well.
# Accepting traffic on ppp0 (i.e. Virtual Interface) is required for PPTP
/sbin/ipchains -A input -p all -s 0.0.0.0/0 -d 0.0.0.0/0 -i ppp0 -j ACCEPT
> Apart from that, the vpn software in the qube is a really really really really
> ancient version, which has many problems with things such as broadcasts over
> the vpn network.
Yes ... that is the next challenge. I have standard TCP based things
working (AFPoverTCP, FileMaker, SSH, http, smtp, imap, etc) but I'd really
like to use Apple Remote Desktop. I understand ARD relied on broadcast to
monitor the status of monitored machines. I believe this issue is being
worked on in version 1.1.3 and later.
> There has been some discussion about the vpn software on the sun qube forum.
Yes ... been there and read the threads, but although the issue has been
discussed no-one seems to have solutions.
Cheers, Malcolm
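
The following is an added example, not part of the original message or of the Cobalt software: a small Python model of the two "manual" rules above, evaluated against constructed IPv4 headers, showing that a rule on IP protocol 47 matches GRE only and leaves TCP and UDP on other interfaces to the rest of the rule set. The external interface name eth0, the rule dictionary layout and the final DENY default are assumptions of this sketch.

```python
import struct

# Model of the two "manual" rules from the message; first match wins.
# The dict layout and the DENY default are assumptions of this sketch.
RULES = [
    {"proto": 47, "iface": None, "target": "ACCEPT"},      # -p 47 -j ACCEPT
    {"proto": None, "iface": "ppp0", "target": "ACCEPT"},  # -p all -i ppp0 -j ACCEPT
]
DEFAULT_POLICY = "DENY"  # assumed verdict when no rule matches

PROTO_NAMES = {6: "tcp", 17: "udp", 47: "gre"}


def ipv4_header(proto, src="192.0.2.10", dst="198.51.100.1"):
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    def addr(a):
        return bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       addr(src), addr(dst))


def ip_protocol(packet):
    """Return the IP protocol number (header byte 9) of an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return packet[9]


def verdict(packet, iface):
    """Apply RULES in order to a packet arriving on the given interface."""
    proto = ip_protocol(packet)
    for rule in RULES:
        if rule["proto"] not in (None, proto):
            continue  # rule is for a different IP protocol
        if rule["iface"] not in (None, iface):
            continue  # rule is for a different interface
        return rule["target"]
    return DEFAULT_POLICY


def demo():
    """Evaluate constructed packets on eth0 (assumed external) and ppp0."""
    samples = [(47, "eth0"), (6, "eth0"), (17, "eth0"), (6, "ppp0"), (17, "ppp0")]
    return [(PROTO_NAMES[p], i, verdict(ipv4_header(p), i)) for p, i in samples]


if __name__ == "__main__":
    for name, iface, result in demo():
        print(f"{name:4} on {iface}: {result}")
```

The model also makes visible that the ppp0 rule accepts every protocol from connected VPN clients, and that the GRE rule accepts protocol 47 from any source address.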