VPN 3.8 Client behind Netgear Router and BM 3.8 behind Linux IPTABLES

I've configured my BM 3.8 Client behind my Netgear DSL Router (NAT).

I've configured my BM 3.8 SP1 Server behind Linux (IPTABLES NAT), not a
filter problem.

In this configuration I can do all at BM 3.8 server.

I've configured my BM entry policies from Craig Johnson's book
Authentication with NMAS (NDS).

Now if I connect to BM server I get the following NMAS error (error
authentication gateway FFFFF996).

The same error if I configure my VPN client in same network like
my natted linux interface.

I'm not sure where I should look at first. I've heard BM is running
a linux natted interface.

Or there are problems with my policies.

Can anybody help me!
0
Linus
3/5/2004 9:23:50 AM
novell.bordermanager.vpn

Hi,

Linus Mueller wrote:
> 
> I've configured my BM entry policies from Craig Johnson's book
> Authentication with NMAS (NDS).
> 
> Now if I connect to BM server I get the following NMAS error (error
> authentication gateway FFFFF996).

Above error translates to an NDS error "-669", which just means wrong
password. Does this help any?

CU,
-- 
Massimo Rosen
Novell Support Connection Sysop
No emails please!
http://www.cfc-it.de
0
Massimo
3/5/2004 9:58:59 AM
On Fri, 05 Mar 2004 09:58:59 +0000, Massimo Rosen wrote:

> Hi,
> 
> Linus Mueller wrote:
>> 
>> I've configured my BM entry policies from Craig Johnson's book
>> Authentication with NMAS (NDS).
>> 
>> Now if I connect to BM server I get the following NMAS error (error
>> authentication gateway FFFFF996).
> 
> Above error translates to an NDS error "-669", which just means wrong
> password. Does this help any?
> 
> CU,


Sorry for duplicate message.

No, the password is right!
Is there a need to set an additional password?
I can't see anything in NMASMON

Thanks

0
Linus
3/5/2004 10:05:10 AM
Hi,

Linus Mueller wrote:
> > Above error translates to an NDS error "-669", which just means wrong
> > password. Does this help any?
> >
> > CU,
> 
> Sorry for duplicate message.
> 
> No, the password is right!

Well, the error message is sort of clear. Note that with NMAS involved,
passwords are case sensitive. Can you try with a newly created user and
PW?

CU,
-- 
Massimo Rosen
Novell Support Connection Sysop
No emails please!
http://www.cfc-it.de
0
Massimo
3/5/2004 12:34:57 PM
On Fri, 05 Mar 2004 12:34:57 +0000, Massimo Rosen wrote:

> Hi,
> 
> Linus Mueller wrote:
>> > Above error translates to an NDS error "-669", which just means wrong
>> > password. Does this help any?
>> >
>> > CU,
>> 
>> Sorry for duplicate message.
>> 
>> No, the password is right!
> 
> Well, the error message is sort of clear. Note that with NMAS involved,
> passwords are case sensitive. Can you try with a newly created user and
> PW?
> 
> CU,


Hello

At the moment I've only a connection in the same network. My VPN client is
in the same network as my Linux NAT interface. Linux NAT is my default GW.

I've created a new user, with the same problem.

* In NMASMON I can't see anything.

* In CSAUDIT 
	 A conection was openen for vpn client at address xxx.xxx.xxx.xxx
	 Failed to process NMAS Request. Authentication failure.







0
Linus
3/6/2004 2:51:46 PM
In article <pan.2004.03.06.14.51.49.219000@gebics.de>, Linus Mueller 
wrote:
> At the moment I've only a connection in the same network. My VPN client is
> in the same network as my Linux NAT interface. Linux NAT is my default GW
>
You are testing VPN from inside the LAN?  You should only test VPN from 
the public side.

What Massimo said was clear - a 669 error is an incorrect password.  
Passwords with NMAS involved may be case-sensitive.  "PASSWORD" is not 
the same as "Password" or "password".  Try changing the password to 
something with all lower-case letters.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://www.craigjconsulting.com ***

0
Craig
3/6/2004 3:18:26 PM
On Sat, 06 Mar 2004 15:18:26 +0000, Craig Johnson wrote:

> In article <pan.2004.03.06.14.51.49.219000@gebics.de>, Linus Mueller 
> wrote:
>> At the moment I've only a connection in the same network. My VPN client is
>> in the same network as my Linux NAT interface. Linux NAT is my default GW
>>
> You are testing VPN from inside the LAN?  You should only test VPN from 
> the public side.
> 
> What Massimo said was clear - a 669 error is an incorrect password.  
> Passwords with NMAS involved may be case-sensitive.  "PASSWORD" is not 
> the same as "Password" or "password".  Try changing the password to 
> something with all lower-case letters.
> 
> Craig Johnson
> Novell Support Connection SysOp
> *** For a current patch list, tips, handy files and books on 
> BorderManager, go to http://www.craigjconsulting.com ***


Hello Craig,

My BM 3.8 is in my DMZ (192.168.100.200).

My Linux has a NAT interface in the public network (195.145.xxx.213)
and a second interface in the DMZ (192.168.100.11).

On my Linux NAT (iptables) I configured a prerouting and postrouting
rule to let all traffic in and out. (Like static NAT by BorderManager.)
At the moment no filters, only NAT.

To make any test I've configured my notebook with the VPN client in the same
network as the PUBLIC interface of my Linux NAT interface (195.145.xxx.212),
and the default GW is the PUBLIC interface of my Linux NAT interface.

Now if I do a VPN dial-in I get the NMAS error.

Now I'm not sure.... Does this error come from a wrong configuration of the BM
policies?

Or does the problem come from BM being behind the Linux NAT interface, so that not all
traffic comes through .......?



0
Linus
3/6/2004 3:39:58 PM
The problem is that you are putting in the wrong password.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://www.craigjconsulting.com ***

0
Craig
3/8/2004 5:17:52 AM
On Mon, 08 Mar 2004 05:17:52 +0000, Craig Johnson wrote:

> The problem is that you are putting in the wrong password.
> 
> Craig Johnson
> Novell Support Connection SysOp
> *** For a current patch list, tips, handy files and books on 
> BorderManager, go to http://www.craigjconsulting.com ***


Hello Massimo, hello Craig

My NMAS settings at the NMAS server weren't right.

Thank you very much for your help!

Now it's running!!
0
Linus
3/11/2004 11:16:34 AM