VPN and IPtables

Lennart Sorensen lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Wed Sep 15 19:28:11 UTC 2004


On Wed, Sep 15, 2004 at 02:44:04PM -0400, David Kreuter wrote:
> Hi: My linux machine has two NICs, one connected to Rogers hispeed 
> 24.x.x.x. Other NIC is
> on private 192.168.x.x.  Windows box is on 192.168.x.x and works fine 
> using the internet through
> the linux machine - Iptables is setup and is NATting.
> 
> Now I want to use windows machine with Cisco VPN client. Can't connect. 
> If I directly connect
> the Windows box NIC to the 24. network it works of course.  
> 
> Can I train iptables to pass the encapsulated packets to/from my windows 
> VPN client?

Are you blocking any outbound traffic from the windows machine?  I was
under the impression that most vpn clients would work through NAT (or at
least I have seen some that did, although I don't remember which).

On the other hand IPsec does seem to include the IP of each end inside
the packets, so having the wrong IP inside the packet compared to who
the other end receives it from could be a problem.

IPsec uses protocols AH and ESP, and UDP port 500.  In case that helps you at
all.

Lennart Sorensen
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
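Added example, not part of the thread above: a small POSIX sh script for the NAT box in the original question that adds FORWARD rules for exactly the traffic Lennart lists (UDP 500 for IKE, plus the ESP and AH protocols) from the private LAN to the Rogers side, and lets the replies back in through connection tracking. It goes beyond the thread in one respect: it also opens UDP 4500, which IPsec NAT traversal (NAT-T) uses to carry ESP inside UDP when a NAT sits in the path. The interface names `eth0`/`eth1`, the LAN prefix `192.168.0.0/24` and the `IPT` variable are assumptions; the thread only says 24.x.x.x and 192.168.x.x.

```shell
#!/bin/sh
# IPsec passthrough rules for a Linux NAT gateway (example script, not from
# the original thread). Assumptions: WAN is eth0, LAN is eth1, LAN prefix is
# 192.168.0.0/24. Override with environment variables, e.g. LAN_IF=eth2.
set -eu

WAN_IF="${WAN_IF:-eth0}"               # assumed: NIC on the 24.x.x.x side
LAN_IF="${LAN_IF:-eth1}"               # assumed: NIC on the 192.168.x.x side
LAN_NET="${LAN_NET:-192.168.0.0/24}"   # assumed: private network behind NAT
IPT="${IPT:-iptables}"                 # set IPT=echo to print rules instead of applying

# Emit (or apply) one rule per line. Only the VPN-related traffic from the LAN
# is accepted outbound; nothing else in FORWARD is widened by this function.
ipsec_passthrough_rules() {
  # IKE key exchange, as mentioned in the thread (UDP 500).
  "$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p udp --dport 500 -j ACCEPT
  # NAT traversal (UDP 4500): not in the thread, but what a client behind NAT
  # normally ends up using once it detects the address rewrite.
  "$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p udp --dport 4500 -j ACCEPT
  # The two IPsec payload protocols named in the reply.
  "$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p esp -j ACCEPT
  "$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p ah -j ACCEPT
  # Return direction: only packets that connection tracking already knows
  # about, so the WAN side cannot open new flows into the LAN.
  "$IPT" -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$LAN_NET" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Count the rules the function would add; handy for a quick sanity check.
ipsec_rule_count() {
  ( IPT=echo; ipsec_passthrough_rules ) | grep -c -- '-j ACCEPT'
}

case "${1:-}" in
  apply)   ipsec_passthrough_rules ;;
  dry-run) ( IPT=echo; ipsec_passthrough_rules ) ;;
  *)       echo "usage: $0 apply|dry-run" >&2 ;;
esac
```

Two caveats a practitioner should know before expecting this to make the Cisco client work. AH authenticates the outer IP header, so once MASQUERADE rewrites the source address the AH integrity check fails at the far end; that is the concrete form of the "wrong IP inside the packet" problem Lennart describes, and it is why AH-based tunnels do not survive NAT at all. Plain ESP has no port numbers, so the kernel's generic tracker can only distinguish flows by source and destination address; one LAN client to one VPN gateway works, but two clients behind the same NAT to the same gateway collide, which is what NAT-T over UDP 4500 was designed to fix.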