LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 03-15-2006, 02:07 PM   #1
khuongdp
LQ Newbie
 
Registered: Aug 2005
Posts: 5

Rep: Reputation: 0
Not working properly with openswan/l2tp


I followed the tutorial from

megaz.arbuz.com/archives/2005/01/28/linux-vpn-guide/1
jacco2.dds.nl/networking/

and got it working in some way. My network is like this


client(192.168.0.4)<-->(192.168.0.1)Router(x.x.x.x)<-->Internet<-->(x.x.x.x)Router(192.168.0.1)<-->(192.168.0.2)Firewall/dhcp(192.168.10.1)
<----->(192.168.10.2)Client1
<----->(192.168.10.3)Client2
<----->(192.168.10.4)Client3

Both the client and server is behind nat.

I can connect to the vpn and ping/ssh to my firewall/dhcp machine. But when I try to ping/ssh Client1-3 I get a timeout. I am fine ping/ssh to client1-3 through my Firewall/dhcp machine.

I think it's somthing wrong with my iptables rules

Code:
# vpn
iptables -A INPUT -m state --state NEW -m udp -p udp --dport 500 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -m udp -p udp --dport 500 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 4500 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -m tcp -p tcp --dport 4500 -j ACCEPT
iptables -A INPUT -m state --state NEW -m udp -p udp --dport 4500 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -m udp -p udp --dport 4500 -j ACCEPT

iptables -A FORWARD -i ppp+ -j ACCEPT
iptables -A FORWARD -o ppp+ -j ACCEPT
iptables -A OUTPUT -o ppp+ -j ACCEPT

# ---------------------------------------------------------------------------------

# ESP encryption and authentication
# Allow ESP Traffic from/to Gateway
iptables -A INPUT -i $WAN_MIC -p esp -j ACCEPT
iptables -A OUTPUT -o $WAN_MIC -p esp -j ACCEPT

# Tag Incoming IPSec Traffic. 'mark' sticks after processing.
iptables -t mangle -A PREROUTING -i $WAN_MIC -p esp -j MARK --set-mark 1

# Forward Authenticated Traffic to LAN.
iptables -A FORWARD -i $WAN_MIC -m mark --mark 1 -d $PERSONAL_LAN_IP_NET -j ACCEPT

# SRC nat everything apart from esp traffic.
iptables -t nat -A POSTROUTING -o $WAN_MIC -p ! esp -j SNAT --to-source $WAN_IP
Thx in advance
 
Old 05-24-2007, 08:57 PM   #2
mahesh_sonawane
LQ Newbie
 
Registered: Oct 2006
Location: Japan
Posts: 13

Rep: Reputation: 0
I am also facing the same problem. I made a simple network as follows:

server (192.168.1.10)<--->(LAN 192.168.1.1) Router(WAN 155.178.16.1)<---> Client (155.178.16.10)

Please, help me.

Thank you.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ping -c not working properly mehro Linux - Software 3 09-19-2005 06:31 AM
openswan: internet stops working messiahnet Linux - Networking 1 08-17-2005 03:48 PM
Thunderbird 0.8 not working properly aeruzcar Linux - Software 2 09-24-2004 02:15 AM
X not working properly. MylesCLin Linux - Software 1 09-15-2004 10:46 AM
virtusertable not working properly Manuel-H Linux - General 0 04-30-2003 08:38 AM


All times are GMT -5. The time now is 08:14 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration