VPN revisited.

Sevan / Venture37 venture37 at hotmail.com
Fri Aug 15 18:46:45 UTC 2008


> Yes, it's those very kernel modules and iptables rules I'm currently
> wrestling with, to no avail.
> 
> At the moment, I've loaded ip_conntrack_pptp and reduced my iptables
> rules to the minimum needed to have coovachilli function, plus
> allowing related and established. There is nothing blocking the
> connection and I can telnet to 1723 on the VPN box without issue. The
> issue seems to be pass-through or something else, but I haven't narrowed
> it down farther. It just seems like the communication between the pptp
> client and the VPN server goes haywire during the transaction. There is no
> one else using VPN through this system right now.
> 
> Does anyone have experience with this?
> 
> Any help would be mucho appreciated at this point.
> 
> --Ian

It's not only port 1723; you need to pass protocol 47 (GRE) as well,
e.g.

# RED_DEV is the external (WAN) interface; set it before running these rules.
vpnserver="172.16.0.2"
# Filter table: accept the PPTP control connection and the GRE tunnel traffic
/sbin/iptables -N pptp
/sbin/iptables -A pptp -p tcp --destination-port 1723 --dst $vpnserver -j ACCEPT
/sbin/iptables -A pptp -p 47 --dst $vpnserver -j ACCEPT
/sbin/iptables -I FORWARD -j pptp
# NAT table: forward TCP 1723 and all GRE arriving on the WAN side to the server
/sbin/iptables -t nat -N pptp
/sbin/iptables -t nat -A pptp -i $RED_DEV -p tcp --dport 1723 -j DNAT --to $vpnserver:1723
/sbin/iptables -t nat -A pptp -i $RED_DEV -p 47 -j DNAT --to $vpnserver
/sbin/iptables -t nat -A PREROUTING -j pptp
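The rule set above as a reviewable script, added here as an example and not part of the original message or of CoovaChilli. It assumes the server address and the WAN interface name are passed as arguments (the original used $RED_DEV for the latter), loads the conntrack/NAT helper modules under both their old (ip_*) and current (nf_*) names, pins the pptp helper with a raw-table CT rule for kernels that no longer auto-assign helpers, and prints the commands instead of running them so they can be inspected before being piped into sh as root. The check function confirms the step that is most often missed: GRE is forwarded in both the filter and the nat table.

```shell
#!/bin/sh
# Added example, not from the original post or CoovaChilli.
# Generates the iptables rules to pass one PPTP session through a Linux
# firewall to an internal server.  GRE (IP protocol 47) has no ports, so
# all inbound GRE on the WAN side goes to that one server: only a single
# internal PPTP server can be reached this way.

# pptp_rules SERVER WAN_IF
# Print the commands (one per line) without executing them.
pptp_rules() {
    server="$1"
    wan="$2"
    # Assumption: an IPv4 dotted-quad; refuse anything that could smuggle shell text.
    case "$server" in
        ""|*[!0-9.]*) echo "pptp_rules: bad server address '$server'" >&2; return 1 ;;
    esac
    [ -n "$wan" ] || { echo "pptp_rules: WAN interface required" >&2; return 1; }

    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
modprobe nf_conntrack_pptp 2>/dev/null || modprobe ip_conntrack_pptp
modprobe nf_nat_pptp 2>/dev/null || modprobe ip_nat_pptp
iptables -t raw -A PREROUTING -i $wan -p tcp --dport 1723 -j CT --helper pptp
iptables -N pptp
iptables -A pptp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A pptp -p tcp --dport 1723 -d $server -j ACCEPT
iptables -A pptp -p gre -d $server -j ACCEPT
iptables -I FORWARD -j pptp
iptables -t nat -N pptp
iptables -t nat -A pptp -i $wan -p tcp --dport 1723 -j DNAT --to-destination $server:1723
iptables -t nat -A pptp -i $wan -p gre -j DNAT --to-destination $server
iptables -t nat -A PREROUTING -i $wan -j pptp
EOF
}

# pptp_gre_covered RULE_TEXT
# Return 0 if GRE is forwarded in both the filter and the nat table.
pptp_gre_covered() {
    n=$(printf '%s\n' "$1" | grep -c -- '-p gre')
    [ "$n" -ge 2 ]
}

# Usage (as root, after reviewing the output):
#   pptp_rules 172.16.0.2 eth0          # print the rules
#   pptp_rules 172.16.0.2 eth0 | sh     # apply them
```

Verify on the box with `lsmod | grep pptp` and `iptables -t nat -S PREROUTING`; if the TCP 1723 handshake works but the tunnel never comes up, the GRE rule or the helper is what is missing. Note that PPTP's MS-CHAPv2 authentication and MPPE keying have been practically broken since 2012, so this is passthrough for a legacy protocol, not a recommendation to deploy it.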



