Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 306
  • Last Modified:

7.1 VPN Masquerading

I just finished a successful setup of my linux router using RH 7.1 with IP Masquerading working. Everything works fine except for my VPN connections (Using two different Kinds PPTP and IPSEC).

All the research I can find on the net talks about having to patch the kernel but most of it has to do with kernel releases 2.0 and 2.2

(Uname is reporting...  2.4.9-34, I am assuming this is my kernel level)

Can someone shed some light on this? Will I need to do kernel surgery to make this work? Perhaps someone could point me in the right direction for information about this procedure for my kernel release.

Oh, Yeah I forgot to note that I am using a script from the net that uses ipchains to implement ip Masq. Don't know much about how that work but know it works...

2 Solutions
No idea about RH, but the name of the ipsec package is FreeS/WAN (

Many Distributions have FreeS/WAN included, as an american distribution RH might not due to US encryption export regulations!? Check your package manager to find out.

Anyway, on the site you find the documentation. It includes detailed steps on what to do if your distribution doesn't support FreeS/WAN, that is how to compile a new kernel and install the software.

If RH does support FreeS/WAN you can skip right to configuration.

Hope this helps.
FreeS/WAN requires you to place the source files in the /usr/src area and recompile the kernel. Once done, however it works very nicely.  I know for certain FreeS/WAN did not ship with RH 7.1, and as of RH 7.3 that hasn't changed. FreeS/WAN is pretty well documented, so if you know how to recompile the kernel this should go well for you.
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.
This question has been classified abandoned. I will make a recommendation to the moderators on its resolution in a week or two. I appreciate any comments that would help me to make a recommendation.

Unless it is clear to me that the question has been answered I will recommend delete. It is possible that a Grade less than A will be given if no expert makes a case for an A grade. It is assumed that any participant not responding to this request is no longer interested in its final disposition.

If the user does not know how to close the question, the options are here:
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Split: Zook {http:#7098993} & mikeyman {http:#7109470}

Please leave any comments here within the next four days.

EE Cleanup Volunteer
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now