Linux kernel 2.4.x and IPSEC masquerade

 
 
Olivier Roset

 
      05-31-2005, 12:58 PM
Hi.

First, sorry for my English, but it's not my first language.

My problem is this:

I have a router/firewall which is running on an x86 box under Linux Red Hat
7.2, with kernel 2.4.19.
The router is doing traffic masquerade and NAT.

Behind this router/firewall, I have a lot of PC stations running Windows XP.

I want to run Checkpoint VPN-1 on some of these machines to connect to a
VPN server somewhere on the internet.
This software can use IPsec/IKE to connect to this VPN server.

How can I (simply or not) masquerade the IPsec traffic on the
router/firewall?

Do I have to upgrade my Linux kernel or install third-party software
on the router/firewall?


Thanks for your help.

Olivier.
 
 
 
 
 
Dam

 
      05-31-2005, 09:11 PM
Olivier Roset wrote:

> Hi.
>
> First, sorry for my English, but it's not my first language.
>
> My problem is this:
>
> I have a router/firewall which is running on an x86 box under Linux Red Hat
> 7.2, with kernel 2.4.19.
> The router is doing traffic masquerade and NAT.
>
> Behind this router/firewall, I have a lot of PC stations running Windows
> XP.
>
> I want to run Checkpoint VPN-1 on some of these machines to connect to a
> VPN server somewhere on the internet.
> This software can use IPsec/IKE to connect to this VPN server.
>
> How can I (simply or not) masquerade the IPsec traffic on the
> router/firewall?
>
> Do I have to upgrade my Linux kernel or install third-party software
> on the router/firewall?
>
>
> Thanks for your help.
>
> Olivier.



L2TP is port 1701/udp *
IPSec ESP is IP *protocol* (not port) 50 *
IKE (IPsec's authentication protocol) is port 500/udp *
NAT-T is port 4500/udp

Damiano
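
As an added example (not part of the original posts), the traffic classes listed above map onto iptables rules on the masquerading router as follows. The interface name and LAN subnet are assumed sample values, and L2TP (1701/udp) is left out because the question concerns IPsec/IKE only.

```shell
#!/bin/sh
# Added example: emit iptables rules that let IKE, NAT-T and ESP from LAN
# clients pass through a masquerading Linux router.
# WAN_IF and LAN_NET are constructed sample values, not taken from the thread.

WAN_IF="${WAN_IF:-eth0}"              # assumed Internet-facing interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed internal subnet

# Print the rules instead of running them, so they can be reviewed
# (and then piped to a root shell) before the firewall changes.
ipsec_passthrough_rules() {
    wan="$1"
    lan="$2"

    # Outbound IKE (500/udp) and NAT-T (4500/udp) from the LAN clients.
    for port in 500 4500; do
        echo "iptables -A FORWARD -s $lan -o $wan -p udp --dport $port -j ACCEPT"
    done

    # ESP is IP protocol 50: it is matched with -p and has no --dport.
    echo "iptables -A FORWARD -s $lan -o $wan -p 50 -j ACCEPT"

    # Return traffic only for flows the clients opened themselves.
    echo "iptables -A FORWARD -i $wan -d $lan -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # Source-NAT the LAN traffic leaving by the WAN interface.
    echo "iptables -t nat -A POSTROUTING -s $lan -o $wan -j MASQUERADE"
}

ipsec_passthrough_rules "$WAN_IF" "$LAN_NET"
```

Plain ESP carries no port numbers for the masquerading code to key on, which is the reason NAT-T wraps it in UDP on port 4500.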

 
 
Olivier Roset

 
      06-01-2005, 12:01 PM
Dam wrote:
> Olivier Roset wrote:
>
>
>>Hi.
>>
>>First, sorry for my English, but it's not my first language.
>>
>>My problem is this:
>>
>>I have a router/firewall which is running on an x86 box under Linux Red Hat
>>7.2, with kernel 2.4.19.
>>The router is doing traffic masquerade and NAT.
>>
>>Behind this router/firewall, I have a lot of PC stations running Windows
>>XP.
>>
>>I want to run Checkpoint VPN-1 on some of these machines to connect to a
>>VPN server somewhere on the internet.
>>This software can use IPsec/IKE to connect to this VPN server.
>>
>>How can I (simply or not) masquerade the IPsec traffic on the
>>router/firewall?
>>
>>Do I have to upgrade my Linux kernel or install third-party software
>>on the router/firewall?
>>
>>
>>Thanks for your help.
>>
>>Olivier.

>
>
>
> L2TP is port 1701/udp *
> IPSec ESP is IP *protocol* (not port) 50 *
> IKE (IPsec's authentication protocol) is port 500/udp *
> NAT-T is port 4500/udp


Thanks for your help, but I already know that.
I think the 2.4.x kernel doesn't support IPsec masquerading or NAT
traversal.
Is there a patch somewhere for kernel 2.4.x that allows IPsec masquerade
or NAT traversal?

Olivier.
 
 
Tim Lingard

 
      06-11-2005, 09:54 PM
On Wed, 01 Jun 2005 14:01:04 +0200, Olivier Roset wrote:

> Dam wrote:
>> [quoted text muted]

>
> Thanks for your help, but I already know that.
> I think the 2.4.x kernel doesn't support IPsec masquerading or NAT
> traversal.
> Is there a patch somewhere for kernel 2.4.x that allows IPsec masquerade
> or NAT traversal?
>
> Olivier.



http://www.openswan.org/code/

--tim
 
 
Olivier Roset

 
      06-19-2005, 04:26 PM
Tim Lingard wrote:
> On Wed, 01 Jun 2005 14:01:04 +0200, Olivier Roset wrote:
>
>
>>Dam wrote:
>>
>>>[quoted text muted]

>>
>>Thanks for your help, but I already know that.
>>I think the 2.4.x kernel doesn't support IPsec masquerading or NAT
>>traversal.
>>Is there a patch somewhere for kernel 2.4.x that allows IPsec masquerade
>>or NAT traversal?
>>
>>Olivier.

>
>
>
> http://www.openswan.org/code/


Yes, it was the solution.
Now, it's ok.
Thanks for your help.
 