VPN revisited.

Sevan / Venture37 venture37 at hotmail.com
Fri Aug 15 18:46:45 UTC 2008

> Yes, it's those very kernel modules and iptables rules I'm currently
> wrestling with, to no avail.
> At the moment, I've loaded ip_conntrack_pptp and reduced my iptables
> rules to the minimum needed to have coovachilli function, plus
> allowing related and established. There is nothing blocking the
> connection and I can telnet to 1723 on the VPN box without issue. The
> issue seems to be pass through or something else but I haven't narrowed
> it down farther. It just seems like the communication between pptp
> client and vpn server goes haywire during the transaction. There is no
> one else using VPN through this system right now.
> Does anyone have experience with this?
> Any help would be mucho appreciated at this point.
> --Ian

It's not only port 1723; you need to pass protocol 47 as well.

# filter table: let the control connection (tcp/1723) and the tunnel
# itself (IP protocol 47, GRE) be forwarded to the VPN server
/sbin/iptables -N pptp
/sbin/iptables -A pptp -p tcp --destination-port 1723 --dst $vpnserver -j ACCEPT
/sbin/iptables -A pptp -p 47 --dst $vpnserver -j ACCEPT
/sbin/iptables -I FORWARD -j pptp
# nat table: redirect both, arriving on the WAN interface, to the VPN server
/sbin/iptables -t nat -N pptp
/sbin/iptables -t nat -A pptp -i $RED_DEV -p tcp --dport 1723 -j DNAT --to $vpnserver:1723
/sbin/iptables -t nat -A pptp -i $RED_DEV -p 47 -j DNAT --to $vpnserver
/sbin/iptables -t nat -A PREROUTING -j pptp

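The reply above boils down to four rules a PPTP pass-through needs on a NAT gateway (ACCEPT and DNAT for tcp/1723, ACCEPT and DNAT for GRE) and a jump into the chain that holds them. The script below is an added example, not part of the mail or of the CoovaChilli project: it audits an iptables-save dump for exactly those pieces and reports what is missing, which is the check to run when "telnet to 1723 works but the tunnel never comes up". The chain name pptp follows the mail; 192.0.2.10, eth0 and the three sample dumps are constructed values.

```shell
#!/bin/sh
# Added example (not from the original mail): audit an iptables-save dump for the
# four rules a PPTP pass-through needs on a NAT gateway, following the reply above:
# ACCEPT of tcp/1723 and of IP protocol 47 (GRE) towards the VPN server in the
# filter table, and DNAT of both from the WAN interface in the nat table. It also
# checks that the chain holding each rule is reached from FORWARD / PREROUTING,
# since a user chain that nothing jumps to looks complete but does nothing.
# The chain name "pptp", 192.0.2.10 and eth0 are constructed sample values.

# find_rule <ruleset> <substring>... : print the rule lines containing every substring
find_rule() {
    f_rules=$1; shift
    for f_needle in "$@"; do
        f_rules=$(printf '%s\n' "$f_rules" | grep -F -- "$f_needle") || return 1
    done
    printf '%s\n' "$f_rules"
}

# reachable <ruleset> <builtin chain> <rule line> : 0 if the rule lives in the
# builtin chain or in a user chain that the builtin chain jumps to
reachable() {
    r_rules=$1; r_builtin=$2
    r_chain=$(printf '%s\n' "$3" | awk 'NR==1 {print $2}')
    [ "$r_chain" = "$r_builtin" ] && return 0
    find_rule "$r_rules" "-A $r_builtin " "-j $r_chain" >/dev/null
}

# check_one <ruleset> <builtin chain> <label> <substring>... : report, set CHECK_RC
check_one() {
    c_rules=$1; c_builtin=$2; c_label=$3; shift 3
    if c_rule=$(find_rule "$c_rules" "$@"); then
        reachable "$c_rules" "$c_builtin" "$c_rule" \
            || { echo "MISSING: $c_label is defined but $c_builtin never jumps to its chain"; CHECK_RC=1; }
    else
        echo "MISSING: $c_label"; CHECK_RC=1
    fi
}

# check_pptp_rules <iptables-save file> <vpn server ip> <wan interface>
# Returns 0 when all four rules are present and reachable, 1 otherwise.
check_pptp_rules() {
    CHECK_RC=0
    vpn=$2; red=$3
    # iptables-save prints protocol 47 as "gre" when /etc/protocols knows it; normalise
    filter=$(sed -n '/^\*filter/,/^COMMIT/p' "$1" | sed 's/-p 47 /-p gre /')
    nat=$(sed -n '/^\*nat/,/^COMMIT/p' "$1" | sed 's/-p 47 /-p gre /')

    check_one "$filter" FORWARD    "filter ACCEPT tcp/1723 -> $vpn" "-d $vpn" "-p tcp" "--dport 1723" "-j ACCEPT"
    check_one "$filter" FORWARD    "filter ACCEPT GRE -> $vpn"      "-d $vpn" "-p gre" "-j ACCEPT"
    check_one "$nat"    PREROUTING "nat DNAT tcp/1723 from $red"    "-i $red" "-p tcp" "--dport 1723" "-j DNAT" "--to-destination $vpn:1723"
    check_one "$nat"    PREROUTING "nat DNAT GRE from $red"         "-i $red" "-p gre" "-j DNAT" "--to-destination $vpn"
    return $CHECK_RC
}

# Constructed sample dump: what iptables-save prints for the reply's rules.
GOOD_DUMP=$(mktemp "${TMPDIR:-/tmp}/pptp-good.XXXXXX")
cat >"$GOOD_DUMP" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:pptp - [0:0]
-A PREROUTING -j pptp
-A pptp -i eth0 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.0.2.10:1723
-A pptp -i eth0 -p gre -j DNAT --to-destination 192.0.2.10
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:pptp - [0:0]
-A FORWARD -j pptp
-A pptp -d 192.0.2.10/32 -p tcp -m tcp --dport 1723 -j ACCEPT
-A pptp -d 192.0.2.10/32 -p gre -j ACCEPT
COMMIT
EOF

# Same gateway with only tcp/1723 handled: the situation described in the thread.
BAD_DUMP=$(mktemp "${TMPDIR:-/tmp}/pptp-bad.XXXXXX")
grep -v -- '-p gre' "$GOOD_DUMP" >"$BAD_DUMP"

# GRE rules present, but FORWARD never jumps into the pptp chain.
UNREACHABLE_DUMP=$(mktemp "${TMPDIR:-/tmp}/pptp-unreach.XXXXXX")
grep -v -- '-A FORWARD -j pptp' "$GOOD_DUMP" >"$UNREACHABLE_DUMP"

for d in "$GOOD_DUMP" "$BAD_DUMP" "$UNREACHABLE_DUMP"; do
    echo "== $d"
    check_pptp_rules "$d" 192.0.2.10 eth0 && echo "OK: PPTP pass-through complete"
done
```

On a live gateway, replace the sample file with the output of `iptables-save` (run as root) and pass the real VPN server address and WAN interface; every "MISSING" line names a rule that the reply's snippet would have added.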

More information about the Chilli mailing list