newbie can't connect to client's VPN through my NAT.
Hello,
I have several XP workstations behind an Ubuntu 8.04 server providing NAT for the office.
When we had the DLINK router providing NAT, we were able to connect to a client's VPN based on PPTP/PPP using the Windows VPN client without any problems.
Now we can no longer connect to the client's VPN.
My nat.sh file looks like this:
(I came up with this from different tutorials and howtos)
Code:
# Load the NAT module (this pulls in all the others).
modprobe iptable_nat
# In the NAT table (-t nat), Append a rule (-A) after routing
# (POSTROUTING) for all packets going out ppp0 (-o ppp0) which says to
# MASQUERADE the connection (-j MASQUERADE).
iptables -F
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
Is it the ppp0 interface you want to MASQUERADE or some ethernet interface? (Is your Ubuntu box actively participating in the VPN traffic of the XP boxes or just passing through already encrypted traffic?)
A less important question (I think) is do you want to MASQUERADE or DNAT? MASQUERADE is designed for connections where the IP address is likely to change when an interrupted or dropped connection is re-established and DNAT is for stable IP addresses.
Also, let me give you a hint. The following commands (as root) are sometimes useful for troubleshooting:
The -v option on those commands will cause packet and byte counts to be shown with each rule. Each packet the rule processes that matches that rule will increase these counters. So if your traffic is not too heavy you might get some clues about what might be wrong.
Last edited by blackhole54; 11-23-2008 at 04:59 AM.
Reason: minor wording change
On our DLINK router we had to open specific ports to allow a VPN to connect. Did you have a setting in your router that you need to duplicate in your iptables?
Are you describing a situation where a client is behind a DLINK router or where the server is behind the DLINK router? If it is the client, can you provide a link to info about what needs to be opened? Thanks.
Thanks for the link, mostlyharmless. The way I am reading it, that article is talking about ports that need to be opened for the server rather than at the client end. Am I missing something?
My understanding is that they had to be open on the client side as well. Certainly, we couldn't get a VPN connection until we did that, and closing them again (which I did inadvertently once) stopped the VPN connection from working.
I didn't read the specific link closely; I was just looking for a generic list of ports. For our specific work related VPN we got a list of ports from work to open on our home router to allow the VPN to connect.
I was inquiring because of my involvement with another thread with pptp problems. After doing some more Internet search and looking at the Wikipedia page I see that NAT and firewall can cause problems because both GRE and a TCP connection are involved. Indeed, I see that netfilter has a special module to track pptp connections. So after letting this digest in my own mind for a while, I'll try to pass on my partial understanding to the other poster in hopes of helping him.
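The last post's point about netfilter's PPTP tracking module, applied to the rule set from the first post. This is an added example, not code from any poster in the thread; the function names, the `RUN` dry-run variable and the module names (`nf_conntrack_pptp`, `nf_nat_pptp`, as used by 2.6.20 and later kernels) are assumptions not taken from the page.

```sh
#!/bin/sh
# Added example (not from the thread): the first post's NAT rules plus the
# netfilter PPTP helpers. PPTP uses a TCP/1723 control channel and a GRE
# (IP protocol 47) tunnel; GRE has no ports, so the helper is what lets
# conntrack/NAT tie each GRE flow to the LAN client that opened it.
# RUN=echo (default) only prints the commands; use RUN= as root to apply.
RUN="${RUN-echo}"

# Helper modules (assumed names, 2.6.20+ kernels; loading nf_nat_pptp pulls
# in nf_conntrack_pptp and the GRE protocol trackers as dependencies).
PPTP_MODULES="nf_conntrack_pptp nf_nat_pptp"

# Print every helper missing from an lsmod-style listing (default
# /proc/modules). Helpers compiled into the kernel do not appear there.
missing_pptp_helpers() {
    listing="${1:-/proc/modules}"
    for m in $PPTP_MODULES; do
        grep -q "^$m " "$listing" || echo "$m"
    done
}

# Same rule set as the poster's nat.sh, with the helper loaded first.
# $1 = outward-facing interface (defaults to ppp0, as in the post).
nat_with_pptp() {
    wan="${1:-ppp0}"
    $RUN modprobe iptable_nat
    $RUN modprobe nf_nat_pptp
    $RUN iptables -F
    $RUN iptables -P FORWARD ACCEPT
    $RUN iptables -t nat -A POSTROUTING -o "$wan" -j MASQUERADE
    $RUN iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Newer kernels do not attach helpers automatically; there the control
    # connection has to be assigned explicitly, e.g.:
    #   iptables -t raw -A PREROUTING -p tcp --dport 1723 -j CT --helper pptp
    $RUN sysctl -w net.ipv4.ip_forward=1
}

# Dry run by default: prints the commands that would be executed.
nat_with_pptp "$@"
```

Running `missing_pptp_helpers` with no argument on the gateway lists any helper that is not currently loaded as a module.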