Yes,

iptables -A INPUT -p 47 ... (or gre)
iptables -A INPUT -p 50 ...
iptables -A INPUT -p 51 ...

and none of these received any packets.

I'm afraid this is a proprietary VPN, at least the client is.

Thanks

On 1/5/06, Sp0oKeR <spooker@xxxxxxxxx> wrote:
> Did you allow gre protocol?
> Some rule like:
>
> iptables -I INPUT -p gre ......
>
>
> Regards,
>
>
> On 1/5/06, Eduardo Ukstin <ukstin@xxxxxxxxx> wrote:
> > I've created some rules to see what the VPN client is trying to do,
> > and saw some interesting things.
> >
> > In the negotiation the client goes through the VPN server (outside my
> > LAN) and everything works, but after this, it tries to ping a
> > 192.43... IP, my firewall doesn't route this, and of course this ping
> > request cannot go through. But I'm a little confused about what
> > to do, create a route for this 192 or make a prerouting rule; in either
> > of these cases I'm not certain of what I need to do.
> >
> > My internal network has IP 10.....
> >
> > On 1/4/06, P. Harlow <wolf-r1@xxxxxxxxxxxxx> wrote:
> > > It depends on the type of VPN you are using.
> > >
> > > IPSec based VPNs typically use:
> > >
> > > UDP 500 - IPSec negotiation
> > > IP 51 - Authentication Header (AH) for IPSec negotiation
> > > IP 50 - IPSec data
> > >
> > > PPTP based VPNs typically use:
> > >
> > > IP 47 - General Routing Encapsulation (GRE) PPTP data channel
> > > TCP 1723 - PPTP control channel
> > >
> > > You are going to want to figure out which type of VPN you are using and
> > > allow for those ports. I would assume that since you're getting
> > > authentication requests with port 500 open however your TCP 500 causes me to
> > > wonder what type of VPN you have.
> > >
> >
>
> --
> =====================
> Rodrigo Ribeiro Montoro
> Developer, BRMAlinux
> spooker@xxxxxxxxxx
> RHCE/LPIC-I
> =====================
>

--
Eduardo Ukstin
GNU/Linux User #328388
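
An added example, not part of the thread: a shell function that applies the protocol and port list quoted above to iptables LOG output in order to tell which kind of VPN a client is speaking. The log lines are constructed, the category names are hypothetical, and UDP 4500 (IPsec NAT traversal) is an addition that the thread does not mention.

```shell
#!/bin/sh
# Constructed sample LOG lines (documentation addresses, not from the thread).
SAMPLE_IPSEC='kernel: VPN IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.10 LEN=120 PROTO=UDP SPT=500 DPT=500 LEN=100
kernel: VPN IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.10 LEN=152 PROTO=ESP SPI=0x1a2b3c4d'
SAMPLE_PPTP='kernel: VPN IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.10 LEN=48 PROTO=TCP SPT=1050 DPT=1723 SYN
kernel: VPN IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.10 LEN=61 PROTO=47'
# UDP 500 passes, then only a ping follows: no data-channel protocol is seen.
SAMPLE_NEGOTIATION_ONLY='kernel: VPN IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.10 LEN=120 PROTO=UDP SPT=500 DPT=500 LEN=100
kernel: VPN IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 LEN=84 PROTO=ICMP TYPE=8 CODE=0'

# classify_vpn: read LOG lines on stdin, print one category name.
classify_vpn() {
    awk '
    {
        proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        # Protocols may appear by name or by number, so accept both forms.
        if (proto == "UDP" && dpt == "500")  ike = 1       # IPsec negotiation
        if (proto == "UDP" && dpt == "4500") natt = 1      # IPsec over UDP (NAT-T)
        if (proto == "ESP" || proto == "50") ipsec = 1     # IP protocol 50
        if (proto == "AH"  || proto == "51") ipsec = 1     # IP protocol 51
        if (proto == "GRE" || proto == "47") pptp = 1      # PPTP data channel
        if (proto == "TCP" && dpt == "1723") pptp = 1      # PPTP control channel
    }
    END {
        if (ipsec)      print "ipsec"
        else if (natt)  print "ipsec-nat-t"
        else if (pptp)  print "pptp"
        else if (ike)   print "negotiation-only"
        else            print "unknown"
    }'
}

# Demo run over the constructed samples.
for sample in "$SAMPLE_IPSEC" "$SAMPLE_PPTP" "$SAMPLE_NEGOTIATION_ONLY"; do
    printf '%s\n' "$sample" | classify_vpn
done
```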