Cisco VPN / Firewall configuration

Kaj J.Niemi mail.sw.rh.rhl at spam.fi.basen.net
Sun Aug 22 00:13:01 UTC 2004


> his would also apply to configuration of the split tunnel setup.

There are a few bugs related to split tunneling, split dns and generic
tunneling.. They seem related to the kernel version, glibc version and
vpn client version in use but have started rather recently (say within
the last 6 months or so). My hunch is that the interceptor does something
weird. Anyway, with _linux_ clients I got the best result using split
tunneling and pushing dns servers that are routed outside the vpn tunnel
to the clients. It's mentioned off hand in the release notes under the
section "DNS Server on Private Network with Split DNS Causes Problems"
(CSCee66180).

Another is CSCea75956 which occurs with non-Win32 vpn clients only. I first
thought that was what I was experiencing but further investigation and
packet dumping at all ends proved me wrong :)

The vpn client works great under win xp in vmware (as expected) and without
any problems with iptables, too. One needs to permit 500/udp and 4500/udp
(nat/pat passthrough) or 10000/tcp (or whatever other tcp port you or your
administrator might have configured in the concentrator). Good ports to use
are 25, 143, 80, 443, 3128, 8080 .. there's almost always one or two of those
open at various locations. O:-)


// kaj
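The iptables rules the post describes (permit 500/udp and 4500/udp for IKE and NAT-T, or the concentrator's cTCP port), as an added example that is not part of the original message. It assumes a host policy of DROP with stateful matching, a placeholder concentrator address passed as an argument, and the cTCP port defaulting to 10000 as in the post; the ESP (IP protocol 50) rule goes beyond the post and is only needed when the client is not behind NAT, so NAT-T on 4500/udp is not used.

```shell
#!/bin/sh
# Added example, not code from the original post or from Cisco.
# Prints (does not apply) the outbound rules a Linux Cisco VPN client needs
# through a host firewall whose INPUT/OUTPUT policy is DROP.
#
# Usage: vpn_client_rules CONCENTRATOR_IP [CTCP_PORT]
#   vpn_client_rules 192.0.2.10          # IKE/NAT-T plus cTCP on 10000
#   vpn_client_rules 192.0.2.10 443 | sh # apply, as root, with cTCP on 443
vpn_client_rules() {
    conc="$1"
    ctcp="${2:-10000}"   # whatever port the concentrator admin configured

    # Refuse obviously bad input rather than emit a broken rule set.
    case "$ctcp" in
        ''|*[!0-9]*) echo "ctcp port must be numeric" >&2; return 1 ;;
    esac
    [ -n "$conc" ] || { echo "concentrator address required" >&2; return 1; }

    # Scope every rule to the concentrator address: the point is to let the
    # client reach its VPN endpoint, not to open these ports to the world.
    cat <<EOF
iptables -A OUTPUT -p udp -d $conc --dport 500 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -d $conc --dport 4500 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -d $conc --dport $ctcp -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p esp -d $conc -j ACCEPT
iptables -A INPUT -s $conc -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# rule_count CONCENTRATOR_IP [CTCP_PORT]: number of rules that would be added.
rule_count() {
    vpn_client_rules "$@" | grep -c '^iptables'
}
```

Only the IKE (500/udp), NAT-T (4500/udp), cTCP and return-traffic rules are ever needed at the same time; if the concentrator is reached through cTCP the UDP rules stay harmless, and if NAT-T is in use the ESP rule can be dropped. Generating the rules rather than applying them directly lets you review them (and the port your administrator actually configured) before running them as root.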
