Hello!
I have a problem with VPN (PPTP) through a FW (iptables).
Exercise:
I want to get through an iptables-fw to an MS VPN server.
(INTERNET) -> FW (iptables) -> VPN (PPTP MS SERVER)
I am able to make a VPN connection when I am in the same net, so the VPN server works fine.
When I try to connect to the VPN server from outside I get an Err 721.
When I trace the session with tcpdump, I see traffic in both directions (GRE and TCP 1721).
With a sniffer at the MS VPN server I see incoming and outgoing traffic.
I do not know what I am doing wrong!
Here are my rules for the FW:
ip_vpn_ext=xxx.xxx.xxx.xxx
ip_vpn_server=xxx.xxx.x.xx

trace_echo "VPN rules for LAN"
trace_echo "set VPN Lan Rules"

# DNAT: PPTP control channel (TCP 1723) to the VPN server
${IPTABLES} -t nat -A PREROUTING \
    -i $i_external \
    -p tcp \
    -d $ip_vpn_ext --dport 1723 \
    -j DNAT --to $ip_vpn_server:1723

# DNAT: GRE to the VPN server
${IPTABLES} -t nat -A PREROUTING \
    -i $i_external \
    -p gre \
    -d $ip_vpn_ext \
    -j DNAT --to $ip_vpn_server

# SNAT: GRE from the VPN server
${IPTABLES} -t nat -A POSTROUTING \
    -o $i_external \
    -p gre \
    -s $ip_vpn_server \
    -j SNAT --to-source $ip_vpn_ext

# SNAT: TCP 1723 replies from the VPN server
${IPTABLES} -t nat -A POSTROUTING \
    -o $i_external \
    -p tcp \
    -s $ip_vpn_server --sport 1723 \
    -j SNAT --to-source $ip_vpn_ext:1723

# Forward: TCP from outside to inside
${IPTABLES} -A fwd_int \
    -i $i_external \
    -o $i_internal \
    -p tcp \
    -s $net_anywhere --sport $p_unpriv \
    -m state --state NEW,ESTABLISHED \
    -j ACCEPT

# Forward: TCP replies from the VPN server to outside
${IPTABLES} -A fwd_int \
    -i $i_internal \
    -o $i_external \
    -p tcp \
    -s $ip_vpn_server \
    -m state --state ESTABLISHED \
    -j ACCEPT
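
Added example, not part of the original post: a coarse check that a set of forward rules accepts both flows PPTP uses (the TCP control channel and GRE, IP protocol 47) in each direction. The function name, the `iptables -S` style input, and the interface names eth0/eth1 are assumptions; the sample rules are constructed from the two fwd_int rules shown above.

```shell
#!/bin/sh
# Added example (not from the post). PPTP needs two flows through the firewall:
# the TCP control channel and GRE (IP protocol 47) for the tunnelled data.

# Constructed sample in `iptables -S` form, modelled on the post's two fwd_int
# rules; eth0 (external) and eth1 (internal) are assumed interface names.
SAMPLE_RULES='-A fwd_int -i eth0 -o eth1 -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
-A fwd_int -i eth1 -o eth0 -p tcp -m state --state ESTABLISHED -j ACCEPT'

# pptp_forward_gaps WAN_IF LAN_IF < rules   (hypothetical helper name)
# Prints one line per protocol/direction that no ACCEPT rule covers.
# Coarse check: ignores ports, connection states and rule order.
pptp_forward_gaps() {
    awk -v wan="$1" -v lan="$2" '
    $1 == "-A" {
        # A rule without -i, -o or -p matches any interface / protocol.
        iif = oif = proto = "*"; target = ""
        for (k = 3; k < NF; k++) {
            if ($k == "-i") iif = $(k + 1)
            else if ($k == "-o") oif = $(k + 1)
            else if ($k == "-p") proto = $(k + 1)
            else if ($k == "-j") target = $(k + 1)
        }
        if (proto == "47") proto = "gre"
        if (proto == "6") proto = "tcp"
        if (proto == "all") proto = "*"
        if (target == "ACCEPT") { n++; rin[n] = iif; rout[n] = oif; rp[n] = proto }
    }
    function covered(p, a, b,    k) {
        for (k = 1; k <= n; k++)
            if ((rp[k] == p || rp[k] == "*") && (rin[k] == a || rin[k] == "*") && (rout[k] == b || rout[k] == "*"))
                return 1
        return 0
    }
    function report(p, a, b) {
        if (!covered(p, a, b)) print "missing: " p " " a " -> " b
    }
    END {
        report("tcp", wan, lan); report("tcp", lan, wan)
        report("gre", wan, lan); report("gre", lan, wan)
    }'
}

printf '%s\n' "$SAMPLE_RULES" | pptp_forward_gaps eth0 eth1
```

Against a live firewall the input would come from `iptables -S` for the chain that handles forwarded traffic.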