In regards to:
-snip-
Oh...you also have to let the VPN protocol packets through the
firewall...it's not clear if you're doing this from the above.  ie:
EXTERN_PROTO0="47 vpnserverip/32"
-snip-

Would I have to also do this for port 1723?

Thanks.

-----Original Message-----
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 12, 2002 11:43 AM
To: Dustin Reiner; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN behind Dachstein


>    I am attempting to replace a 2.9.4 based firewall with Dachstein.  The
> current firewall forwards VPN traffic to a server behind itself.  I have
> set up the new server with the following entries in network.conf, but I have
> apparently missed something because I can't connect.  If anyone can help, I
> would appreciate it.
>
> Thanks,
> Dustin
>
> -snip-
> # TCP services open to outside world
> # Space seperated list: srcip/mask_dstport
> #EXTERN_TCP_PORTS="216.171.153.128/25_ssh 0/0_www 0/0_1023"
> EXTERN_TCP_PORTS="0/0_vpn"
> -snip-
> # Advanced settings: parameters passed directly to portfw and autofw
> # Indexed list: "<ipmasqadm portfw options>"
> #INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
> #INTERN_SERVER1=""
> INTERN_SERVER0="-a -P tcp -L external_ip 1723 -R vpnserverip 1723"
> -snip-
>
> I have also added the vpn service to /etc/services as:
>
> vpn 1723/tcp #vpn traffic
>
> and am running ipfwd as:
>
> /usr/sbin/ipfwd --masq vpnserverip 47 &

I think you need to use the ip_masq_pptp.o module, rather than trying to
forward the VPN packets manually, but I don't do a lot of VPN masquerading.
Is this a standard PPTP VPN?  If so, there are several folks on-list who
have made this work, and can probably help better with exact setup
requirements...

Oh...you also have to let the VPN protocol packets through the
firewall...it's not clear if you're doing this from the above.  ie:
EXTERN_PROTO0="47 vpnserverip/32"

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
