I'm running a very fresh install of Shorewall v3.4 (2 interfaces, net and loc, SNAT is working properly) on top of CentOS5. However, when I attempt to create a PPTP VPN connection from my WinXP laptop (behind the shorewall) to the VPN server at the main office, I'm getting "Error 638".

(I tried to get this up and working last year, but gave up and put my old Linksys NAT box back in. Now I'm trying again.)

Now, according to: http://www.shorewall.net/PPTP.htm

I shouldn't need to change any of the default settings to allow outbound VPN connections for WinXP clients behind the firewall (unless I'm getting into multiple clients). Is this still a true statement for v3.4 and the 2.6 kernels? I'm not even sure that Shorewall v3.4 uses a /etc/shorewall/modules file?

So far, I've defined the policy, masq, interfaces, and zones file.

On Sat, May 26, 2007 at 11:47:49PM -0400, Thomas Harold wrote:
> I'm running a very fresh install of Shorewall v3.4 (2 interfaces, net
> and loc, SNAT is working properly) on top of CentOS5. However, when I
> attempt to create a PPTP VPN connection from my WinXP laptop (behind the
> shorewall) to the VPN server at the main office, I'm getting "Error 638".
>
> (I tried to get this up and working last year, but gave up and put my
> old Linksys NAT box back in. Now I'm trying again.)
>
> Now, according to: http://www.shorewall.net/PPTP.htm
>
> I shouldn't need to change any of the default settings to allow outbound
> VPN connections for WinXP clients behind the firewall (unless I'm
> getting into multiple clients). Is this still a true statement for v3.4
> and the 2.6 kernels? I'm not even sure that Shorewall v3.4 uses a
> /etc/shorewall/modules file?
>
> So far, I've defined the policy, masq, interfaces, and zones file.
>

http://www.shorewall.net/support.htm

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

Thomas Harold wrote:
> I'm running a very fresh install of Shorewall v3.4 (2 interfaces, net
> and loc, SNAT is working properly) on top of CentOS5. However, when I
> attempt to create a PPTP VPN connection from my WinXP laptop (behind the
> shorewall) to the VPN server at the main office, I'm getting "Error 638".
>
> (I tried to get this up and working last year, but gave up and put my
> old Linksys NAT box back in. Now I'm trying again.)
>
> Now, according to: http://www.shorewall.net/PPTP.htm
>
> I shouldn't need to change any of the default settings to allow outbound
> VPN connections for WinXP clients behind the firewall (unless I'm
> getting into multiple clients). Is this still a true statement for v3.4
> and the 2.6 kernels? I'm not even sure that Shorewall v3.4 uses a
> /etc/shorewall/modules file?
>
> So far, I've defined the policy, masq, interfaces, and zones file.

Attached is the debug file. Source IP is 192.168.142.30 and target is 209.139.90.131. Which shows up in the Conntrack Table section, but no messages in /var/log/messages with that IP address.

Thomas Harold wrote:
> I'm running a very fresh install of Shorewall v3.4 (2 interfaces, net
> and loc, SNAT is working properly) on top of CentOS5. However, when I
> attempt to create a PPTP VPN connection from my WinXP laptop (behind the
> shorewall) to the VPN server at the main office, I'm getting "Error 638".
>
> (I tried to get this up and working last year, but gave up and put my
> old Linksys NAT box back in. Now I'm trying again.)
>
> Now, according to: http://www.shorewall.net/PPTP.htm
>
> I shouldn't need to change any of the default settings to allow outbound
> VPN connections for WinXP clients behind the firewall (unless I'm
> getting into multiple clients). Is this still a true statement for v3.4
> and the 2.6 kernels? I'm not even sure that Shorewall v3.4 uses a
> /etc/shorewall/modules file?
>
> So far, I've defined the policy, masq, interfaces, and zones file.

And... now it just starts working. I have a suspicion though. I suspect that the PPTP server that I was attempting to connect to was having issues with DNS resolution.

Ah well, fodder for the search engines...