[cvsnt] IPSec and CVSNT

Paul pjones_legion_NO_SPAM_ at hotmail.com
Wed Mar 24 12:20:03 GMT 2004


Hello All,

We are having problems trying to get a client machine talking to our CVSNT
server when IPSec is enabled. The topology of the system is as follows:

Client machine - This machine (Windows XP, using WinCVS client, SSPI) is
based offsite. It connects to our corporate LAN via SecureClient through
our CheckPoint-NG VPN.

CVSNT Server (2.0.4) - This machine is onsite (Windows 2K prof). The
machine has been locked down using an IPSec policy. What I mean by that is
that the 'Secure Server (Require Security)' policy is assigned.
Authentication between this server and any client is done using a shared
string (that's a setting within the IPSec policy).

Now, client machines onsite connect perfectly well to the CVSNT server and
we can checkin/out with no problems when IPSec is enabled. However, when
our offsite client tries to perform a cvs operation we get the following
error:

"cvs [update aborted]: connect to XXXX-CVS (xxxx-cvs.xxxx.com):2401
failed: A connection attempt failed because the connected party did not
properly respond after a period of time, or established connection failed
because connected host has failed to respond"

If I disable the IPSec policy on the CVSNT server, our offsite client
starts working again. So, the obvious culprit here is IPSec. I don't
confess to be an IT Admin expert but as far as I can tell, the IPSec
policy we have isn't blocking any particular traffic on port 2401. Indeed
we know that the onsite clients tunnel through successfully anyway.

Has anyone else had experience of IPSec + CVSNT + VPNs?

Any advice, help or general comments will be greatly appreciated,

Thanks

Paul.


