[TriLUG] iptables and VPNs
Brian Weaver
weave at oculan.com
Fri Feb 6 16:59:17 EST 2004
I used to have a configuration for this, but then Nortel axed my reason
for keeping the config current.
If it is for Nortel they should be able to get you the information. I
got the information for setting up my firewall from Nortel. I probably
would still have the config but the disk with it bit the dust, that
didn't help.
I saw this (found using google)
---
Hi,
You need to open UDP port no. 500 if you are using IPSec/IKE as the
protocol. Otherwise you need to open TCP port no. 1723 if you are
using PPTP. For L2TP, it is 1701.
---
Port 500 rings a bell. I think I just did something SIMILAR to:
# nat/PREROUTING only accepts DNAT (SNAT belongs in POSTROUTING), so the
# inbound IKE packet from the VPN gateway is redirected to the Windows client:
iptables -t nat -A PREROUTING -s ${NORTEL}/32 \
-d ${FWHOST}/32 -p udp --destination-port 500 \
-j DNAT --to-destination ${WINDOWS}
-Weave
Tarus Balog wrote:
> Gang:
>
> Anyone have experience fixing up VPN access through an iptables-based
> firewall? We have a linux box that acts like a router, and I was
> recently in need of a VPN connection through that firewall to a
> client's site. The VPN was by NORTEL, and I had to use the Contivity
> VPN client for Windows to access it. I *think* it was IKE based, but I
> am not even sure what that means (grin).
>
> My connection would establish, but then I would start losing packets
> (verified by repeated pings) until nothing would go through, over the
> span of about five minutes. I moved my system outside the firewall and
> these problems went away.
>
> Clues?
>
> -T
>
> ___________________________________________________________________________
> Tarus Balog, OpenNMS Maintainer Main: +1 919 545 2553
> Blast Internet Services, Inc. Fax: +1 503-961-7746
> Email: tarus at opennms.org URL: http://www2.blast.com/tarus
> PGP Key Fingerprint: 8945 8521 9771 FEC9 5481 512B FECA 11D2 FD82 B45C
>
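The rule set sketched in the thread, written out as a complete example for a Linux router (added here, not code from the post or from Nortel): it lets one internal Windows host reach one remote IKE/IPsec gateway and nothing more, allowing IKE (UDP 500), ESP (IP protocol 50) and, as a generalization beyond the thread, NAT-T (UDP 4500) only between those two endpoints, with SNAT in POSTROUTING and DNAT in PREROUTING. The addresses, the interface name eth0 and the IPT/EXT_IF variables are assumptions; set IPT=echo to print the rules instead of loading them.

```shell
#!/bin/sh
# Added example: iptables rules so one internal client can use a remote
# IPsec/IKE VPN gateway through a NATing Linux router. Addresses below are
# placeholders (documentation ranges); NORTEL/FWHOST/WINDOWS follow the post.
IPT="${IPT:-iptables}"
EXT_IF="${EXT_IF:-eth0}"             # external interface (assumed)
NORTEL="${NORTEL:-203.0.113.10}"     # remote VPN gateway (placeholder)
FWHOST="${FWHOST:-198.51.100.2}"     # router's public address (placeholder)
WINDOWS="${WINDOWS:-192.168.1.20}"   # internal VPN client (placeholder)

vpn_rules() {
    # IKE negotiation (UDP 500) and NAT-T encapsulation (UDP 4500) between
    # the two endpoints only; not opened to arbitrary sources.
    for port in 500 4500; do
        "$IPT" -A FORWARD -i "$EXT_IF" -p udp -s "$NORTEL" -d "$WINDOWS" --dport "$port" -j ACCEPT
        "$IPT" -A FORWARD -o "$EXT_IF" -p udp -s "$WINDOWS" -d "$NORTEL" --dport "$port" -j ACCEPT
    done
    # ESP (IP protocol 50) carries the tunnelled traffic once IKE completes.
    "$IPT" -A FORWARD -i "$EXT_IF" -p esp -s "$NORTEL" -d "$WINDOWS" -j ACCEPT
    "$IPT" -A FORWARD -o "$EXT_IF" -p esp -s "$WINDOWS" -d "$NORTEL" -j ACCEPT
    # Outbound: rewrite the client's private source to the router's public
    # address. SNAT is only valid in POSTROUTING; the PREROUTING/SNAT rule
    # recalled in the thread would be rejected by iptables.
    "$IPT" -t nat -A POSTROUTING -o "$EXT_IF" -s "$WINDOWS" -d "$NORTEL" \
        -j SNAT --to-source "$FWHOST"
    # Inbound: IKE packets the gateway sends to the router's address are
    # handed to the client. DNAT is the target that belongs in PREROUTING.
    "$IPT" -t nat -A PREROUTING -i "$EXT_IF" -p udp -s "$NORTEL" -d "$FWHOST" \
        --dport 500 -j DNAT --to-destination "$WINDOWS"
}

# "sh vpn.sh show" prints the rules; "sh vpn.sh apply" loads them as root.
case "${1:-}" in
    show)  IPT=echo; vpn_rules ;;
    apply) vpn_rules ;;
esac
```

Plain ESP has no port numbers, so this only works for a single client behind the router unless both ends negotiate NAT-T.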