ok. How to get your Nortel (or possibly other) IPsec VPN Clients on a windows pc working when you have a smoothwall firewall v 0.9.9 se with patches.
Step 1.
Firstly you need to download 1 pre-compiled ipsec module.
You will need to figure out what kernel modules you are currently using.
You can do this by looking in the /lib/modules dir. The highest version numbered kernel will be your current one. As of patch fix 18 it was 2.2.21
ie.
root@smoothwall/lib/modules# ls -l
total 12
drwxr-xr-x 7 root root 4096 Feb 1 2002 2.2.19/
drwxr-xr-x 7 root root 4096 Nov 4 2001 2.2.20/
drwxr-xr-x 7 root root 4096 Sep 19 04:58 2.2.21/
Kernel version 2.2.19
http://www.lintegrate.nl/download/modules/with-modversion-modules/2.2.19/ipv4/ip_masq_ipsec.o
Kernel version 2.2.20 http://www.zelow.no/floppyfw/download/modules/2.2.20/ipv4/ip_masq_ipsec.o
Kernel version 2.2.21 http://www.zelow.no/floppyfw/download/modules/2.2.21/ipv4/ip_masq_ipsec.o
Step 2.
Copy the file into : /lib/modules/2.2.xx/ipv4 xx being the relevent kernel version of your system!
You will need to use a tool like winscp to transfer a file to your smoothwall box.
Get winscp here.
Step 3.
Login to your smoothwall box with your favorite ssh terminal or the ssh java client on the smoothwall admin webpage.
Edit the file /etc/rc.d/rc.network ie. "vi /etc/rc.d/rc.network"
Find the line 'echo "loading MASQ helper modules"'
Here you will find other modules that are loaded by smoothwall upon start up.
Note: The loaded modules can been seen via the "info" page in the smoothwall admin page (at the very bottom!).
Before the modules put in the following line.
insmod -f ip_masq_ipsec
After all the other module "modprobe" commands put in the following line.
modprobe ip_masq_ipsec
Save and close this file.
Step 4.
You can now reboot the smoothwall box.
Type "reboot" when logged in as root :)
Watch it as it reboots. You should see some info about the IPsec module.
After it has booted goto the web admin and check to see that the module is loaded.
Look at the very bottom and you will see "ip_masq_ipsec".
You can also look in /var/log/messages for this by typing something like :
tail -500 /var/log/messages | grep ipsec | more
This will give you something like :
Oct 8 18:36:17 smoothwall kernel: ip_masq_ipsec init_module(): entry
Oct 8 18:36:17 smoothwall kernel: ip_masq_ipsec: loading
Step 5.
Now on your windows box start up your VPN client and see if you are able to connect to your VPN concentrator.
Tada! You should now bee connected *fingers crossed*
I did this without adding any extra client side rules etc.
I hope this works for you.
If it doesn't them im not sure what I can do for you. Apparently, there are some IPsec clients that don't use an NAT-compatable version of IPsec and these can't be used with products like smoothwall/home cable/dsl routers etc.