Professional Web Applications Themes

VPN via GPRS with FreeS/WAN on the server - Mac Networking

Can anybody point me at making this work? I'm trying to reconcile the limited options offered by Panther's VPN pane in Internet Connect and the usual bucketful of choices offered by the Linux firewall and its FreeS/Wan. A decent howto url would be perfect. It is sorta kinda almost there by looking at the logs at each end, but I could use an approach a little further from blundering about in the dark ;-) TIA Elliott -- Swen has got to me. I thought I would be the last on earth to mangle my e-mail address. fsnospam$elliott$$...

  1. #1

    Default VPN via GPRS with FreeS/WAN on the server

    Can anybody point me at making this work?
    I'm trying to reconcile the limited options offered by Panther's VPN
    pane in Internet Connect and the usual bucketful of choices offered by
    the Linux firewall and its FreeS/Wan.
    A decent howto url would be perfect.
    It is sorta kinda almost there by looking at the logs at each end, but
    I could use an approach a little further from blundering about in the
    dark ;-)
    TIA
    Elliott

    --
    Swen has got to me. I thought I would be the last on earth to mangle my e-mail
    address. fsnospam$elliott$$
    Elliott Guest

  2. #2

    Default Re: VPN via GPRS with FreeS/WAN on the server

    In article <150220041743239916%co.uk>,
    Elliott Roper <co.uk> wrote:
     

    Depending on what service provider you are with, they may not route anything
    other than UDP, TCP and ICMP. I'm with Orange and they certainly don't, so
    while I can ssh through, neither PPTP nor IPSec works.

    --

    Sak Wathanasin
    Network ysis Limited
    http://www.network-ysis.ltd.uk
    Sak Guest

  3. #3

    Default Re: VPN via GPRS with FreeS/WAN on the server

    In article <network-ysis.ltd.uk>,
    Sak Wathanasin <ltd.uk> wrote:
     
    >
    > Depending on what service provider you are with, they may not route anything
    > other than UDP, TCP and ICMP. I'm with Orange and they certainly don't, so
    > while I can ssh through, neither PPTP nor IPSec works.[/ref]

    Thanks again Sak. Vodafone. The firewall's FreeS/WAN seems to see some
    kind of connect request from the Mac when I'm running Panther and
    asking for L2TP, but the Mac then sees a connection refused. I'm not
    comletely sure where it is coming from. We are blundering about in the
    dark, just by looking at both logs. Doco at the Apple site indicates
    that it should be using UDP, yet the firewall thinks the Mac is trying
    to set up a TCP tunnel. Bugger!

    --
    Swen has got to me. I thought I would be the last on earth to mangle my e-mail
    address. fsnospam$elliott$$
    Elliott Guest

  4. #4

    Default Re: VPN via GPRS with FreeS/WAN on the server

    In article <180220042254292205%co.uk>,
    Elliott Roper <co.uk> wrote:
     

    This is what I would expect to see: Phase 1 is negotiated using UDP pkts
    to port 500; then for phase 2 they switch to using IP protocol type
    50/51 (AH/ESP) which is prob being dropped by your service provider.
    I've tried talking to Orange tech support about it, but it's hopeless:
    they are cellphone engineers and know nothing about data-comms, and you
    can't get through to any of their network admins. Grrrh....

    You could try using NAT-traversal where Ipsec is encapsulated inside UDP
    (port 4500). The latest versions of Free S/WAN supports this or at least
    the version in the Snapgears do.

    --

    Sak Wathanasin
    Network ysis Limited
    http://www.network-ysis.ltd.uk
    Sak Guest

  5. #5

    Default Re: VPN via GPRS with FreeS/WAN on the server

    In article <network-ysis.ltd.uk>,
    Sak Wathanasin <ltd.uk> wrote:
     
    >
    > This is what I would expect to see: Phase 1 is negotiated using UDP pkts
    > to port 500; then for phase 2 they switch to using IP protocol type
    > 50/51 (AH/ESP) which is prob being dropped by your service provider.
    > I've tried talking to Orange tech support about it, but it's hopeless:
    > they are cellphone engineers and know nothing about data-comms, and you
    > can't get through to any of their network admins. Grrrh....[/ref]

    Ha! Good ammo. I got good support off Vodafone once I reached the right
    techie on an earlier GPRS not working at all problem. 

    We did, or any rate thought we did. I must try harder. Thanks.

    --
    Swen has got to me. I thought I would be the last on earth to mangle my e-mail
    address. fsnospam$elliott$$
    Elliott Guest

  6. #6

    Default Re: VPN via GPRS with FreeS/WAN on the server

    In article <180220042254292205%co.uk>,
    Elliott Roper <co.uk> wrote:
     

    Phase 1 uses UDP (to port 500), then they will switch to AH/ESP (Ip
    protocols 50/51) which will probably being dropped by your service
    provider. You could try using NAT-T where IPSec is encapuslated inside
    UDP (to port 4500); latest versions of Free S/WAn supports this (or at
    least the version in the Snapgears do).

    NB L2TP over IPSec != IPSec; again the SGs have support for this, but I
    don't know if they added this specially or if it's part of Free S/WAN.

    --

    Sak Wathanasin
    Network ysis Limited
    http://www.network-ysis.ltd.uk
    Sak Guest

  7. #7

    Default Re: VPN via GPRS with FreeS/WAN on the server

    In article <network-ysis.ltd.uk>,
    Sak Wathanasin <ltd.uk> wrote:
     

    Heh! Indeed it ain't. It is alphabet soup in this field.

    I am currently working my way through
    http://www.freeswan.org/freeswan_snaps/CURRENT-SNAP/doc/interop.html#equ
    inux
    and http://www.equinux.com/download/HowTo_FreeSWAN.pdf
    in there.

    I may be gone some time ;-)

    --
    Swen has got to me. I thought I would be the last on earth to mangle my e-mail
    address. fsnospam$elliott$$
    Elliott Guest

Similar Threads

  1. Replies: 2
    Last Post: September 12th, 10:44 PM
  2. Replies: 0
    Last Post: August 23rd, 05:27 PM
  3. Page daemon frees but doesn't examine?
    By Asif in forum Sun Solaris
    Replies: 1
    Last Post: August 4th, 11:24 PM
  4. Setting up laptop to use the GPRS connection
    By Mike O'Connor in forum Mac Networking
    Replies: 7
    Last Post: July 22nd, 10:18 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139