vpn behind iptables

kris2002 · 06-25-2005, 02:00 PM

hello all
I've got a problem to connect vpn client to vpn server through gateway ( mandriva + iptables)
I've opened 47 and 1723 ports but in tcpdump
vpn client sending request to the vpn server and vpn server answering not to client but to gateway, what should i do to make it all work
Thanks for the help

kris2002 · 06-25-2005, 11:42 PM

if anyone knows, plz help

scowles · 06-26-2005, 06:39 AM

If you are trying to establish a PPTP based VPN, then I believe its protocol 47 (GRE), not port 47.

kris2002 · 06-26-2005, 10:18 AM

192.168.0.2 - vpn client
vpn.server.com - vpn server
gateway.server - gateway (mandrake + iptables)

tcpdump:

19:54:02.782530 192.168.0.2.1190 > vpn.server.com.pptp: S 2557184182:2557184182(0) win 8192 <mss 1460>
19:54:02.782706 gateway.server.1190 > vpn.server.com.pptp: S 2557184182:2557184182(0) win 8192 <mss 1460>
19:54:02.827835 vpn.server.com.pptp > 192.168.0.2.1190: S 3591717483:3591717483(0) ack 2557184183 win 5840 <mss 1460> (DF)
19:54:02.827963 vpn.server.com.pptp > 192.168.0.2.1190: S 3591717483:3591717483(0) ack 2557184183 win 5840 <mss 1460> (DF)
19:54:02.982548 192.168.0.2.1190 > vpn.server.com.pptp: P 1:157(156) ack 1 win 8760
19:54:02.982665 gateway.server.1190 > vpn.server.com.pptp: P 2557184183:2557184339(156) ack 3591717484 win 8760
19:54:03.041487 vpn.server.com.pptp > 192.168.0.2.1190: . ack 157 win 5840 (DF)
19:54:03.041630 vpn.server.com.pptp > 192.168.0.2.1190: . ack 157 win 5840 (DF)
19:54:03.048695 vpn.server.com.pptp > 192.168.0.2.1190: P 1:157(156) ack 157 win 5840 (DF)
19:54:03.048822 vpn.server.com.pptp > 192.168.0.2.1190: P 1:157(156) ack 157 win 5840 (DF)
19:54:03.222554 192.168.0.2.1190 > vpn.server.com.pptp: P 157:325(168) ack 157 win 8604
19:54:03.222685 gateway.server.1190 > vpn.server.com.pptp: P 156:324(168) ack 157 win 8604
19:54:03.273640 vpn.server.com.pptp > 192.168.0.2.1190: P 157:189(32) ack 325 win 6432 (DF)
19:54:03.273768 vpn.server.com.pptp > 192.168.0.2.1190: P 157:189(32) ack 325 win 6432 (DF)
19:54:03.273921 vpn.server.com > gateway.server: gre-proto-0x880B (gre encap)
19:54:03.402558 192.168.0.2.1190 > vpn.server.com.pptp: P 325:349(24) ack 189 win 8572
19:54:03.402686 gateway.server.1190 > vpn.server.com.pptp: P 324:348(24) ack 189 win 8572
19:54:03.412538 192.168.0.2 > vpn.server.com: gre-proto-0x880B (gre encap)
19:54:03.481696 vpn.server.com.pptp > 192.168.0.2.1190: . ack 349 win 6432 (DF)
19:54:03.481835 vpn.server.com.pptp > 192.168.0.2.1190: . ack 349 win 6432 (DF)
19:54:04.762537 192.168.0.2 > vpn.server.com: gre-proto-0x880B (gre encap)
19:54:06.274824 vpn.server.com > gateway.server: gre-proto-0x880B (gre encap)
19:54:07.762541 192.168.0.2 > vpn.server.com: gre-proto-0x880B (gre encap)
19:54:09.289070 vpn.server.com > gateway.server: gre-proto-0x880B (gre encap)
19:54:11.762547 192.168.0.2 > vpn.server.com: gre-proto-0x880B (gre encap)
19:54:12.298172 vpn.server.com > gateway.server: gre-proto-0x880B (gre encap)
19:54:14.842546 192.168.0.2.1190 > vpn.server.com.pptp: P 349:373(24) ack 189 win 8572
19:54:14.842677 gateway.server.1190 > vpn.server.com.pptp: P 348:372(24) ack 189 win 8572
19:54:14.842565 192.168.0.2 > vpn.server.com: gre-proto-0x880B (gre encap)
19:54:14.892184 vpn.server.com.pptp > 192.168.0.2.1190: . ack 373 win 6432 (DF)
19:54:14.892309 vpn.server.com.pptp > 192.168.0.2.1190: . ack 373 win 6432 (DF)
19:54:15.306228 vpn.server.com > gateway.server: gre-proto-0x880B (gre encap)
19:54:18.318269 vpn.server.com > gateway.server: gre-proto-0x880B (gre encap)
19:54:18.752550 192.168.0.2 > vpn.server.com: gre-proto-0x880B (gre encap)
19:54:21.328895 vpn.server.com > gateway.server: gre-proto-0x880B (gre encap)
19:54:22.752550 192.168.0.2.1190 > vpn.server.com.pptp: P 373:389(16) ack 189 win 8572
19:54:22.752676 gateway.server.1190 > vpn.server.com.pptp: P 372:388(16) ack 189 win 8572
19:54:22.781347 vpn.server.com.pptp > 192.168.0.2.1190: . ack 389 win 6432 (DF)
19:54:22.781483 vpn.server.com.pptp > 192.168.0.2.1190: . ack 389 win 6432 (DF)
19:54:22.785224 vpn.server.com.pptp > 192.168.0.2.1190: P 189:337(148) ack 389 win 6432 (DF)
19:54:22.785326 vpn.server.com.pptp > 192.168.0.2.1190: P 189:337(148) ack 389 win 6432 (DF)
19:54:23.012552 192.168.0.2.1190 > vpn.server.com.pptp: P 389:405(16) ack 337 win 8424
19:54:23.012672 gateway.server.1190 > vpn.server.com.pptp: P 388:404(16) ack 337 win 8424
19:54:23.077494 vpn.server.com.pptp > 192.168.0.2.1190: R 337:337(0) ack 405 win 6432 (DF)
19:54:23.077617 vpn.server.com.pptp > 192.168.0.2.1190: R 337:337(0) ack 405 win 6432 (DF)