VPN and IPtables

Ilya Palagin tux-4CS0UopE6WdBDgjK7y7TUQ at public.gmane.org
Wed Sep 15 19:37:56 UTC 2004


Quoting Lennart Sorensen <lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org>:

> On Wed, Sep 15, 2004 at 02:44:04PM -0400, David Kreuter wrote:
> > Hi: My Linux machine has two NICs, one connected to Rogers hispeed
> > 24.x.x.x. The other NIC is on private 192.168.x.x.  The Windows box is on
> > 192.168.x.x and works fine using the internet through the Linux machine;
> > iptables is set up and is NATting.
> >
> > Now I want to use the Windows machine with the Cisco VPN client. Can't
> > connect.  If I directly connect the Windows box NIC to the 24. network it
> > works of course.
> >
> > Can I train iptables to pass the encapsulated packets to/from my Windows
> > VPN client?
> 
> Are you blocking any outbound traffic from the Windows machine?  I was
> under the impression that most VPN clients would work through NAT (or at
> least I have seen some that did, although I don't remember which).
> 
> On the other hand, IPsec does seem to include the IP of each end inside
> the packets, so having the wrong IP inside the packet compared to who
> the other end receives it from could be a problem.
> 
> IPsec uses the protocols AH and ESP and UDP port 500, in case that helps
> you at all.

Experimenting with my SonicWall VPN client, I allowed everything to/from my
internal Windows machine.  It didn't help.  The Windows firewall shows packets
between ports 500 (I disabled this one too for tests), and the iptables logger
shows activity as well.  There is traffic, but no VPN connection.

Ilya.

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
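The thread names the pieces an IPsec client needs through a NAT box (AH, ESP, UDP/500). Below is an added example, not from any poster, of the FORWARD rules a Linux router would carry for that: it also allows UDP/4500, the NAT-Traversal encapsulation (RFC 3948) that lets ESP survive address rewriting, and it deliberately leaves AH out, since AH authenticates the outer IP header and cannot pass a NAT. Interface names, the LAN prefix and an existing MASQUERADE rule are assumptions; set IPT=echo to preview the rules instead of applying them.

```sh
#!/bin/sh
# Added example (not from the thread). Assumed layout: LAN on eth1
# (192.168.0.0/24), Internet on eth0, MASQUERADE already configured.
IPT="${IPT:-iptables}"
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"

ipsec_passthrough_rules() {
    # IKE (ISAKMP) negotiation: UDP/500 outbound from the LAN.
    "$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
        -p udp --dport 500 -j ACCEPT
    # NAT-Traversal (RFC 3948): ESP wrapped in UDP/4500. Clients that detect a
    # NAT in the path fall back to this, and it gives conntrack ports to track.
    "$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
        -p udp --dport 4500 -j ACCEPT
    # Raw ESP (IP protocol 50) for gateways that never negotiate NAT-T. The
    # kernel tracks it by address pair only, so two inside hosts reaching the
    # same gateway cannot be told apart; prefer NAT-T where the gateway allows.
    "$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
        -p esp -j ACCEPT
    # Return traffic for all of the above rides on connection tracking.
    "$IPT" -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # AH (IP protocol 51) is intentionally absent: its integrity check covers
    # the source address that NAT rewrites, so forwarding it cannot help.
}

# Run with "apply" as the first argument (as root) to install the rules.
case "${1:-}" in apply) ipsec_passthrough_rules ;; esac
```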