[nflug] UB VPN

eric eric at bootz.us
Tue Sep 26 12:44:53 EDT 2006


Taken from the website:
Copy the lines specific to your VPN solution listed below, and paste
them into the /etc/firestarter/user-pre file on the firewall host.
Restarting the firewall, for example by executing
"/etc/firestarter/firewall.sh start", commits the new settings.

Frank Kumro wrote:

> Thanks for the link, I will try this when I get home. However, do I
> just execute the commands in a terminal or is there a firestarter
> file to add...
>
> On 9/26/06, eric <eric at bootz.us> wrote:
>
>> Frank, I found this:
>> http://www.fs-security.com/docs/vpn.php
>>
>> eric wrote:
>>
>> >Have you viewed the Events tab?  Click reload and you should see what's
>> >happening.
>> >
>> >Frank Kumro wrote:
>> >
>> >
>> >
>> >>I have firestarter installed on my local machine and I only have an
>> >>older Linksys router that goes to a switch for my network. The only
>> >>change I made was adding port 4500 to firestarter and the Linksys box.
>> >>Also I can't seem to find any firewall logs in /var/log - where else
>> >>could it be? As far as docs, nope.
>> >>
>> >>On 9/25/06, Bootz <eric at bootz.us> wrote:
>> >>
>> >>
>> >>
>> >>>check your firewall Frank.  are you running firestarter or something
>> >>>more elaborate...  did you change anything with your firewall ...was it
>> >>>upgraded automagically.  Have you unplugged everything and restarted
>> >>>...have run dhcpclient??
>> >>>
>> >>>check your firewall logs ...firestarter is fun for watching events...
>> >>>
>> >>>Frank Kumro wrote:
>> >>>
>> >>>
>> >>>>More information...I can still connect to my firewall on my lan but I
>> >>>>cannot get outside...looks like my dns is gone and here is the output
>> >>>>of the vpnclient. Also I have allowed port 4500 access to my
>> >>>>machine...
>> >>>>
>> >>>>**VPN OUTPUT***
>> >>>>Authenticating user.
>> >>>>Negotiating security policies.
>> >>>>Securing communication channel.
>> >>>>
>> >>>>University at Buffalo
>> >>>>VPN Concentrator
>> >>>>3 HOUR IDLE TIMER
>> >>>>24 HOUR MAX DURATION TIMER
>> >>>>
>> >>>>For your protection we monitor this system
>> >>>>for unauthorized usage and abuse
>> >>>>
>> >>>>Do you wish to continue? (y/n): y
>> >>>>
>> >>>>Your VPN connection is secure.
>> >>>>
>> >>>>VPN tunnel information.
>> >>>>Client address: 128.205.245.242
>> >>>>Server address: 128.205.240.120
>> >>>>Encryption: 128-bit AES
>> >>>>Authentication: HMAC-SHA
>> >>>>IP Compression: None
>> >>>>NAT passthrough is active on port UDP 4500
>> >>>>Local LAN Access is disabled
>> >>>>
>> >>>>
>> >>>>On 9/25/06, Frank Kumro <fkumro at gmail.com> wrote:
>> >>>>
>> >>>>
>> >>>>>For a little more information here is the output of /sbin/ifconfig
>> >>>>>(UB section)
>> >>>>>
>> >>>>>cipsec0   Link encap:Ethernet  HWaddr 00:0B:FC:F8:01:8F
>> >>>>>          inet addr:128.205.246.153  Mask:255.255.255.0
>> >>>>>          inet6 addr: fe80::20b:fcff:fef8:18f/64 Scope:Link
>> >>>>>          UP RUNNING NOARP  MTU:1356  Metric:1
>> >>>>>          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>> >>>>>          TX packets:0 errors:0 dropped:10 overruns:0 carrier:0
>> >>>>>          collisions:0 txqueuelen:1000
>> >>>>>          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>> >>>>>
>> >>>>>a 128.205 is a UB address but it still kills all activity in/out :(
>> >>>>>
>> >>>>>On 9/25/06, pirrone <pirrone at localnet.com> wrote:
>> >>>>>
>> >>>>>
>> >>>>>>Frank Kumro wrote:
>> >>>>>>
>> >>>>>>
>> >>>>>>>I am running ubuntu 6.06 (2.6 kernel) and I have installed the vpn
>> >>>>>>>client from UB. It works and connects but when it does I no longer can
>> >>>>>>>use the internet and I am not connected to UB's even though it says I
>> >>>>>>>am...anyone have any ideas?
>> >>>>>>>
>> >>>>>>Frank,
>> >>>>>>
>> >>>>>>I connect to my RedHat 8.0 server at school from my Fedora Core 3 server
>> >>>>>>at home using pptp, modprobe ppp-compress-18, and route add -net
>> >>>>>>172.16.16.0 netmask 255.255.255.0 dev ppp1.  Open the firewall
>> >>>>>>(FireStarter for outgoing traffic on ppp1), pop up one of my beloved
>> >>>>>>"invisible" Eterms (transparent, title-less, scroll-less, frame-less)
>> >>>>>>floating ethereally above my stark FluxBox WM, and but right into my
>> >>>>>>school server on its internal IP.  In GKrellM I see the appearance of
>> >>>>>>PPP1 in addition to the existing PPP0 when I run pptp and see the
>> >>>>>>bi-directional traffic in both windows as I work to work and work to play.
>> >>>>>>
>> >>>>>>Sorry, I have no ideas on solving your UB problem which may be quite
>> >>>>>>unrelated to what I related above but everything is relative...
>> >>>>>>
>> >>>>>>Frank
>> >>>>>>_______________________________________________
>> >>>>>>nflug mailing list
>> >>>>>>nflug at nflug.org
>> >>>>>>http://www.nflug.org/mailman/listinfo/nflug
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>--
>> >>>>>Frank
>> >>>>>Shenanigans!!
>> >>>>>I do the voodoo that I do do with sudo!
>> >>>>>http://www.syncoder.com
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>
>> >>>>
>> >>>
>> >>>
>> >>>
>> >>
>> >>
>> >
>> >
>> >
>>
>>
>
>


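Added example, not part of the original message or of the Firestarter documentation: a small shell generator for the kind of lines the message says to paste into /etc/firestarter/user-pre, written for the IPsec-over-NAT-T client shown in the quoted output. The server address, UDP port 4500 and the cipsec0 interface come from the thread; UDP 500 for IKE, the function names and the rule set itself are assumptions, not the rules listed on the linked page.

```shell
#!/bin/sh
# Added example: print iptables lines for an IPsec NAT-T VPN client.
# Arguments are validated so that nothing unexpected ends up in a
# file the firewall script executes as root.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# vpn_user_pre_rules <concentrator-ip> <tunnel-interface>
vpn_user_pre_rules() {
    server=$1
    tun_if=$2
    is_ipv4 "$server" || { echo "bad server address: $server" >&2; return 1; }
    case "$tun_if" in
        ''|*[!A-Za-z0-9_.-]*)
            echo "bad interface name: $tun_if" >&2; return 1 ;;
    esac
    # Key exchange and encapsulated traffic, to and from the
    # concentrator only. UDP 500 (IKE) is an assumption; UDP 4500
    # is the NAT passthrough port the client reported.
    for port in 500 4500; do
        echo "iptables -A OUTPUT -p udp -d $server --dport $port -j ACCEPT"
        echo "iptables -A INPUT -p udp -s $server --sport $port -j ACCEPT"
    done
    # Decrypted traffic on the tunnel interface: allow what we send,
    # accept only replies to it, so the tunnel does not expose
    # local services to the remote network.
    echo "iptables -A OUTPUT -o $tun_if -j ACCEPT"
    echo "iptables -A INPUT -i $tun_if -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Values taken from the vpnclient and ifconfig output quoted in the thread.
vpn_user_pre_rules 128.205.240.120 cipsec0
```

Review the printed lines before appending them to the user-pre file, then restart the firewall as the message describes.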

