Apparently, _H. S._, on 17/05/05 23:21, typed:
> Hi,
>
> I am running an old computer as a router using Debian Sarge and kernel
> 2.6.10 kernel and iptables 1.2.11-10. Here is my setup:
>
> CompR
> ,-----------.
> (INTERNET) -->ppp0--->eth1 eth0 ---->SWITCH--->192.168.0.0/24
> `-----------'
>
> CompR is the router computer running iptables and doing masquerading.
>
> Before I set up this computer I had a D-Link router in its place with
> the option of VPN enabled. At that time, a Windows machine in my LAN was
> able to connect to an external VPN server(at my university) using a VPN
> client (Cisco's) and was able to sustain the connection.
>
> After I set up my router computer(and removed D-Link router), the
> Windows client can connect to the external VPN server but cannot sustain
> the connection. The connection seems to be breaking multiple times every
> hour. I have been trying various rules (searched from google) and have
> this stanza relating to this:
> # --- IN ---
> for VPNS in $VPN_SERVERS; do
> $IPTABLES -A INPUT -p udp -s $VPNS \
> -i $EXTIF --dport 500 -j ACCEPT
> done
> # --- OUT ---
> for VPNS in $VPN_SERVERS; do
> $IPTABLES -A OUTPUT -p udp -d $VPNS \
> -o $EXTIF --dport 500 -j ACCEPT
> done
> $IPTABLES -A FORWARD -i ${EXTIF} -p tcp --dport 500 -j ACCEPT
> $IPTABLES -A FORWARD -i ${EXTIF} -p udp --dport 500 -j ACCEPT
> $IPTABLES -t nat -A PREROUTING -p udp -i ${EXTIF} \
> --dport 500 -j DNAT --to-destination 192.168.0.15:500
<SNIP><SNIP>
>
> What am I doing wrong here? I have never dealt with this, VPN, situation
> before. If somebody could shed some light on this, it would be great.
>
> thanks,
> ->HS
>
>
Quite strangely, the VPN clients from within my private network have a
sustained connection with the VPN servers at my school. Things seem to
have improved today and maybe even the problem is all gone. But I am not
sure why. Here are the rules that I have in my iptables script now:
################################################################
# VPN
#
if [ "$VPN_ALLOW" -eq "1" ]; then
    # --- IN ---
    for VPNS in $VPN_SERVERS; do
        $IPTABLES -A INPUT -p udp -s $VPNS \
            -i $EXTIF --dport 500 -j ACCEPT
        $IPTABLES -A FORWARD -i ${EXTIF} -s $VPNS \
            -p tcp --dport 1723 -j ACCEPT
        $IPTABLES -A FORWARD -i ${EXTIF} -s $VPNS \
            -p udp --dport 500 -j ACCEPT
    done
    # --- OUT ---
    for VPNS in $VPN_SERVERS; do
        $IPTABLES -A OUTPUT -p udp -d $VPNS \
            -o $EXTIF --dport 500 -j ACCEPT
    done
fi
# Log (and reject) whatever UDP from the VPN servers is left over
for VPNS in $VPN_SERVERS; do
    $IPTABLES -A FORWARD -i ${EXTIF} -s $VPNS -p udp -j DnR_VPN
    $IPTABLES -A INPUT -i ${EXTIF} -s $VPNS -p udp -j DnR_VPN
done
I added the last for loop just to log the remaining packets to see if
iptables registers some activity (DnR_VPN is a chain that logs the
packets and rejects them). Even though the VPN client connection of a
Windows computer is working, I still do not see any packets arriving at
or going out from port 500 or 1723 of ppp0: the "pkts" and "bytes"
counters in the output of "iptables -nvL" are still zero for the
VPN-related rules. What am I missing here?
->HS
--
Please remove the underscores ( the '_' symbols) from my email address
to obtain the correct one. Apologies, but the fudging is to remove spam.
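One check worth running when counters on VPN rules stay at zero, as an added example that is not part of the message above: parse the output of "iptables -nvL" and, for every rule that matches IKE (UDP 500) or PPTP (TCP 1723) traffic or jumps to the DnR_VPN chain, report whether it sits behind an earlier ACCEPT rule for RELATED,ESTABLISHED state in the same chain. A connection that the LAN client initiates is created in conntrack by the outbound packet, so the server's replies coming in on ppp0 match that state rule first and never reach the later port-specific rules; zero counters on those rules then say nothing about whether the VPN traffic is flowing. The sample output below is constructed for this example (the server address 198.51.100.10 is a documentation address, not a real VPN server), and the chain layout is an assumption, not the poster's actual ruleset. The ESP and GRE protocol matches are included as a general caveat, since IPsec and PPTP carry their data in those protocols rather than on ports 500 and 1723.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample of "iptables -nvL" output; not captured from the poster's router.
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  412   31K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  ppp0   *       198.51.100.10        0.0.0.0/0           udp dpt:500
    0     0 DnR_VPN    udp  --  ppp0   *       198.51.100.10        0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 8731 2345K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
  153  9180 ACCEPT     all  --  eth0   ppp0    192.168.0.0/24       0.0.0.0/0
    0     0 ACCEPT     tcp  --  ppp0   *       198.51.100.10        0.0.0.0/0           tcp dpt:1723
    0     0 ACCEPT     udp  --  ppp0   *       198.51.100.10        0.0.0.0/0           udp dpt:500
    0     0 DnR_VPN    udp  --  ppp0   *       198.51.100.10        0.0.0.0/0
"""


@dataclass
class Rule:
    chain: str
    index: int      # 1-based position within the chain, as "iptables -L --line-numbers" would show
    pkts: int
    bytes: int
    target: str
    proto: str
    in_if: str
    out_if: str
    source: str
    dest: str
    extra: str      # match options column (ports, state, ...), may be empty


def _count(tok: str) -> int:
    """Expand the K/M/G suffixes that iptables uses for large counters (decimal multipliers)."""
    mult = {"K": 10 ** 3, "M": 10 ** 6, "G": 10 ** 9}
    if tok[-1] in mult:
        return int(tok[:-1]) * mult[tok[-1]]
    return int(tok)


def parse_iptables(text: str) -> List[Rule]:
    """Parse the chain/rule listing produced by "iptables -nvL"."""
    rules: List[Rule] = []
    chain, idx = None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Chain "):
            chain, idx = line.split()[1], 0
            continue
        if line.startswith("pkts "):          # column header line
            continue
        parts = line.split(None, 9)           # up to 10 columns: the last one holds the match options
        if chain is None or len(parts) < 9:
            continue
        idx += 1
        extra = parts[9] if len(parts) > 9 else ""
        rules.append(Rule(chain, idx, _count(parts[0]), _count(parts[1]),
                          parts[2], parts[3], parts[5], parts[6], parts[7], parts[8], extra))
    return rules


VPN_PORT_RE = re.compile(r"\b(?:dpt|spt):(?:500|1723)\b")   # IKE and PPTP control ports


def is_vpn_rule(r: Rule) -> bool:
    """VPN-related: IKE/PPTP port match, jump to the DnR_VPN logging chain, or ESP/GRE protocol."""
    return (r.target == "DnR_VPN"
            or bool(VPN_PORT_RE.search(r.extra))
            or r.proto in ("esp", "gre"))


def shadowed_vpn_rules(rules: List[Rule]) -> List[Tuple[str, int, Optional[int]]]:
    """For every VPN-related rule with a zero packet counter, return (chain, index, shadow_index),
    where shadow_index is the position of an earlier RELATED,ESTABLISHED ACCEPT rule in the same
    chain that absorbs reply packets before they reach this rule, or None if there is none."""
    report = []
    for r in rules:
        if not is_vpn_rule(r) or r.pkts != 0:
            continue
        shadow = next((s for s in rules
                       if s.chain == r.chain and s.index < r.index
                       and s.target == "ACCEPT" and "ESTABLISHED" in s.extra), None)
        report.append((r.chain, r.index, shadow.index if shadow else None))
    return report


if __name__ == "__main__":
    for chain, index, shadow in shadowed_vpn_rules(parse_iptables(SAMPLE)):
        if shadow is None:
            print(f"{chain} rule {index}: zero hits, nothing earlier accepts ESTABLISHED traffic")
        else:
            print(f"{chain} rule {index}: zero hits, but rule {shadow} accepts ESTABLISHED traffic first")
```

Run it against real output with `iptables -nvL | python3 check.py` after swapping `SAMPLE` for `sys.stdin.read()`; the INPUT chain in the sample has no state rule, so a zero counter there is a genuine "no packets seen", whereas the FORWARD zeros are explained by the state rule at position 1.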