VPN and IPtables

Lennart Sorensen lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Wed Sep 15 19:43:23 UTC 2004


On Wed, Sep 15, 2004 at 02:55:50PM -0400, Ilya Palagin wrote:
> Quoting David Kreuter <dkreuter-q4+D78v0SMv8u52rGdhAxQ at public.gmane.org>:
> 
> > Hi: My linux machine has two NICs, one connected to Rogers hispeed
> > 24.x.x.x. Other NIC is on private 192.168.x.x.  Windows box is on
> > 192.168.x.x and works fine using the internet through the linux machine -
> > Iptables is setup and is NATting.
> > 
> > Now I want to use windows machine with Cisco VPN client. Can't connect.
> > If I directly connect the Windows box NIC to the 24. network it works of
> > course.
> > 
> > Can I train iptables to pass the encapsulated packets to/from my windows
> > VPN client?
> > 
> > Thanks, David
> > 
> 
> I've got the same problem, but with SonicWall VPN client.  At the same time,
> PPTP VPN access works just fine.  Spent some hours trying to find a solution,
> no success yet.  There must be a way to fix that.  Small routers like Linksys
> have (as far as I know) Linux on board without any issues with VPN clients.

Hmm, PPTP being rather insecure doesn't have a problem with NAT.  ipsec
seems like it might.  I just found that the Shorewall (iptables script)
says that with ipsec only one client behind the firewall can use ipsec
at a time, and port udp 500 and protocol 50 have to be forwarded to that
machine by the firewall.  A bit of a pain I guess, but then again ipsec
was meant to be used between machines that can ping each other both ways
before establishing the tunnel.  That kind of rules out NAT in between.

Lennart Sorensen
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
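The Shorewall advice Lennart quotes (forward UDP 500 and IP protocol 50 to the one inside host that runs the IPsec client) translates into a handful of iptables rules. The script below is an added example written for this archive page; it is not code from the thread or from Shorewall, and the interface names (eth0 external, eth1 internal) and the client address 192.168.1.10 are assumptions to be replaced with your own. The single-client limit in the message is enforced at apply time: ESP carries no port numbers, so a NAT box cannot tell two inside IPsec clients apart, and the apply step refuses to install a second ESP forward.

```shell
#!/bin/sh
# Added example, not from the TLUG thread: pass IKE (UDP 500) and ESP
# (IP protocol 50) through an iptables NAT box to exactly one inside host.
# Interface names and the client address are assumptions; edit to taste.

# Emit the iptables commands, one per line, without applying anything.
#   $1 = external (NATted) interface, e.g. eth0
#   $2 = internal interface, e.g. eth1
#   $3 = inside host running the IPsec client, e.g. 192.168.1.10
ipsec_passthrough_rules() {
    if [ $# -ne 3 ]; then
        echo "usage: ipsec_passthrough_rules WAN_IF LAN_IF CLIENT_IP" >&2
        return 2
    fi
    wan="$1"; lan="$2"; client="$3"
    cat <<EOF
iptables -t nat -A PREROUTING -i $wan -p udp --dport 500 -j DNAT --to-destination $client
iptables -t nat -A PREROUTING -i $wan -p esp -j DNAT --to-destination $client
iptables -A FORWARD -i $wan -o $lan -d $client -p udp --dport 500 -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -d $client -p esp -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -s $client -p udp --dport 500 -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -s $client -p esp -j ACCEPT
EOF
}

# Count how many rules would be installed (handy for a sanity check).
ipsec_passthrough_rule_count() {
    ipsec_passthrough_rules "$@" | wc -l | tr -d ' '
}

# Install the rules (needs root). Refuses to add a second ESP forward:
# the kernel cannot demultiplex ESP by port, so only one inside host
# can use IPsec through this NAT box at a time.
ipsec_passthrough_apply() {
    if iptables -t nat -L PREROUTING -n 2>/dev/null | grep -q esp; then
        echo "an ESP forward already exists; only one IPsec client is supported" >&2
        return 1
    fi
    ipsec_passthrough_rules "$@" | sh -e
}

if [ "${1:-}" = "--apply" ]; then
    shift
    ipsec_passthrough_apply "$@"
else
    # Dry run for the assumed topology: print the rules, install nothing.
    ipsec_passthrough_rules eth0 eth1 192.168.1.10
fi
```

Run it with no arguments to see the rules, or as root with `--apply eth0 eth1 192.168.1.10` to install them after your existing MASQUERADE rule. One caveat beyond what the message covers: clients that negotiate NAT traversal (NAT-T) carry ESP inside UDP port 4500 instead of raw protocol 50, so a client that supports NAT-T may work with a plain NAT and no forwards at all, while one that does not still hits the one-client limit above.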