Mahendra Nag Jayanthi wrote:

> I have a Routing and Remote access server inside my LAN.
> When I am inside the LAN I am able to successfully connect to the VPN server
> and obtain an IP.

The firewall is not in the picture!


> My network is protected on shorewall firewall. I have made enough changes as 
> directed in 
> http://www.shorewall.net/VPNBasics.html#Zones but 
> Even though I have configured as directed above some or the other policy is
> making me drop packets on firewall..

A two-step strategy is usually helpful in troubleshooting IPSec VPNs:

1. make sure that normal traffic can pass through

2. tunneled traffic running on top of L2TP

> 
> Any help suggested is highly helpful. I have tried directly port
> forwarding the port 1723 also.. but no use.. it's connecting but packets are
> not going out of the network..

As a test, don't filter and don't forward for port 1723.
Let me know how it goes.

> 
> Surprisingly, another VPN client machine is successfully connecting to a VPN 
> server..
> Do VPN port numbers differ from VPN type to type (I mean vendor specific or 
> opensource).. isn't there any standard protocol for VPNs..?
> 

Windows XP SP2 VPN client is a MS-CHAP v2 client.

Which VPN server are you using?

Which open source VPN client are you using?

In both cases, please quote details of 'uname -r'.

There is a well defined VPN standard for IPSec based VPNs.

IPSec protocols operate at network layer, so the firewall rules
must allow for the connecting peers, which I'm sure you must have
taken care of.

Most VPN clients connecting to a VPN server, essentially use L2TP
protocol. The important point to understand here is that L2TP is
a layer 5 protocol (UDP port 1701) and acts as a layer 2 protocol
for the tunneled network traffic.

Please share more info about your network topology as well.


thanks
Saifi.
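
Added example (not part of the original message): a small Python script that scans firewall log lines for dropped VPN traffic, to find which policy is discarding the tunnel packets discussed above. It assumes Shorewall's default `Shorewall:<chain>:<disposition>:` log prefix. The protocol and port table uses standard assignments, some of which (GRE as IP protocol 47 for the PPTP data channel, IKE on UDP 500, NAT traversal on UDP 4500, ESP and AH) are not named in the thread. The log lines are constructed samples.

```python
import re
from collections import Counter

# Standard VPN transports: (protocol as logged, destination port or None).
# netfilter logs GRE numerically (PROTO=47); ESP/AH appear by name or number.
VPN_SIGNATURES = {
    ("TCP", 1723): "PPTP control channel",
    ("47", None): "GRE (PPTP data channel)",
    ("UDP", 1701): "L2TP",
    ("UDP", 500): "IKE (IPsec key exchange)",
    ("UDP", 4500): "IPsec NAT traversal",
    ("ESP", None): "IPsec ESP",
    ("50", None): "IPsec ESP",
    ("AH", None): "IPsec AH",
    ("51", None): "IPsec AH",
}

# Assumed log prefix: "Shorewall:<chain>:<DROP|REJECT>:" followed by netfilter fields.
LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<verdict>DROP|REJECT):")
FIELD_RE = re.compile(r"\b(PROTO|DPT)=(\S+)")

def classify(line):
    """Return (chain, vpn_protocol) for a dropped VPN packet, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(line))
    proto = fields.get("PROTO", "").upper()
    dpt = int(fields["DPT"]) if fields.get("DPT", "").isdigit() else None
    name = VPN_SIGNATURES.get((proto, dpt)) or VPN_SIGNATURES.get((proto, None))
    return (m["chain"], name) if name else None

def summarize(lines):
    """Count dropped VPN packets per (chain, protocol) pair."""
    return Counter(hit for hit in map(classify, lines) if hit)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    "fw kernel: Shorewall:net2loc:DROP:IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.168.1.10 LEN=61 TTL=118 PROTO=47",
    "fw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 LEN=61 TTL=127 PROTO=47",
    "fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.1 PROTO=UDP SPT=1701 DPT=1701 LEN=120",
    "fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.1 PROTO=TCP SPT=40000 DPT=22",
]

if __name__ == "__main__":
    for (chain, proto), count in summarize(SAMPLE_LOG).items():
        print(f"{chain}: {count} dropped {proto} packet(s)")
```

A session that connects on port 1723 while the log shows `PROTO=47` drops means the control channel is allowed but the GRE data channel is not; the chain name in the log identifies the zone pair whose policy or rule needs the allowance.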
