VPN Traffic on Windows
Hi Guys,
I have a strange problem which thus far I haven't managed to resolve despite many attempts. At work we have a VPN setup which uses vtund. The Fedora Core 3 box connects to the VPN and I am able to ping any machine as if I were there in the office, but from the Windows machine it simply won't ping anything (request timed out). The bad part is I need the Windows machines to be able to access the VPN as the applications I need to run only work with Windows. The work VPN is set up to run on 172.17.10.0/255.255.255.0 and my home network is set up on 172.17.12.0/255.255.255.0. I have an ADSL router/modem on which I have allowed all traffic from 172.17.10.0/255.255.255.0; its IP address is 172.17.12.254. My iptables, which is located here, I am thinking is OK, but by all means make any suggestions as appropriate. Any suggestions would be great. Thanks. Cheers
How many NICs do you have? What does your routing table look like?
While you are testing, take your firewall out of the equation. Run this:

    #!/bin/bash
    # This will clear your firewall and enable forwarding
    # DON'T LEAVE THIS RUNNING!!
    echo 1 > /proc/sys/net/ipv4/ip_forward
    /sbin/iptables -P INPUT ACCEPT
    /sbin/iptables -P FORWARD ACCEPT
    /sbin/iptables -P OUTPUT ACCEPT
    for table in filter nat mangle
    do
        /sbin/iptables -t $table -F
        /sbin/iptables -t $table -X
        /sbin/iptables -t $table -Z
    done
    # End of Script
I am happy to say this would appear to be a routing issue; still, though, I am a little uncertain how I solve this one.
The reason I say this is that when I move the Windows machines to the default gateway of 172.17.12.1 (Linux box) instead of 172.17.12.254 (router/modem), the VPN side of things works without any firewall changes. The output from my routing table is as follows:

    Destination     Gateway         Genmask          Flags Metric Ref Use Iface
    172.25.254.8    *               255.255.255.255  UH    0      0   0   tun1
    172.17.12.0     *               255.255.255.0    U     0      0   0   eth1
    172.17.10.0     172.25.254.8    255.255.255.0    UG    0      0   0   tun1
    169.254.0.0     *               255.255.0.0      U     0      0   0   eth1
    default         home.gateway    0.0.0.0          UG    0      0   0   eth1

I have 2 NICs but only 1 is being used since I moved to ADSL.
Let me get this straight, your original config had you connecting your linux box directly to the adsl modem (through a hub/switch?) and you also connected directly to your adsl modem through your windows box. If this is correct, that means your windows machine was never passing through your linux machine and hence, never being routed through your tunnel.
As for your 2 NICs, I have a similar setup at home: ADSL, Linux router and several machines internally. I suggest you review how you have yours configured because it should look like this:

    ADSL --- Linux --- Switch/Hub --- Internal LAN machines

Where you have it configured:

    ADSL --- Switch/Hub ------- Linux Machine
                            ^--Windows machine

[edit: *arg* my text diagram didn't work out. :rolleyes: ]
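To make the routing argument concrete, here is an added example (not from the thread) that applies longest-prefix matching to the Linux box's routing table as posted and to two constructed Windows tables, one with the ADSL router as default gateway and one with the Linux box; it goes one step beyond the thread by also showing a per-subnet static route on the Windows host that reaches the tunnel without changing its default gateway. The interface name "LAN" and the assumption that home.gateway is 172.17.12.254 are mine, not the poster's.

```python
from ipaddress import ip_address, ip_network

# Linux box's table as posted in the thread. Gateway None means directly connected.
# home.gateway is assumed to be the ADSL router at 172.17.12.254.
LINUX_ROUTES = [
    ("172.25.254.8/32", None, "tun1"),
    ("172.17.12.0/24", None, "eth1"),
    ("172.17.10.0/24", "172.25.254.8", "tun1"),
    ("169.254.0.0/16", None, "eth1"),
    ("0.0.0.0/0", "172.17.12.254", "eth1"),
]

# Constructed Windows tables (interface name "LAN" is an assumption).
WINDOWS_VIA_ROUTER = [                      # failing case: router is default gateway
    ("172.17.12.0/24", None, "LAN"),
    ("0.0.0.0/0", "172.17.12.254", "LAN"),
]
WINDOWS_VIA_LINUX = [                       # working case reported by the poster
    ("172.17.12.0/24", None, "LAN"),
    ("0.0.0.0/0", "172.17.12.1", "LAN"),
]
WINDOWS_STATIC_ROUTE = WINDOWS_VIA_ROUTER + [   # keep router as default, add VPN route
    ("172.17.10.0/24", "172.17.12.1", "LAN"),
]

def lookup(routes, dst):
    """Longest-prefix match, as the kernel does it; returns (gateway, iface)."""
    dst = ip_address(dst)
    best = None
    for prefix, gw, iface in routes:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        raise ValueError(f"no route to {dst}")
    return best[1], best[2]

def trace(dst, windows_routes):
    """Follow a packet from the Windows host hop by hop; returns the list of hops."""
    gw, iface = lookup(windows_routes, dst)
    path = [("windows", gw or "direct", iface)]
    if gw == "172.17.12.1":                 # handed to the Linux box: consult its table
        gw2, iface2 = lookup(LINUX_ROUTES, dst)
        path.append(("linux", gw2 or "direct", iface2))
    elif gw == "172.17.12.254":             # ADSL router knows nothing of the tunnel
        path.append(("adsl-router", "upstream", "wan"))
    return path
```

Only the Linux box has a route that points 172.17.10.0/24 into tun1, so a packet must reach it first; the static-route case shows that this does not require making it the default gateway.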
Sorry about the delay, I've been fairly busy and haven't had a chance to reply until now.
I originally had cable, which was a simple cable modem that went into eth0 using DHCP from the cable provider, and then eth1 went into a hub off to all my other computers connected via it, including an access point, which worked flawlessly. Now I have an ADSL router/modem and all the machines hanging off of it, as you demonstrated in your text picture, which seems to be causing problems. I agree, I am going to rethink how I'm going to do this; I'm thinking of simply using DMZ on the router to forward all ports to the Linux box, and from there controlling iptables to decide which way the traffic goes.
edit: removed the unintentional BOLD tags