Hi,

> Yes, this is a bit confusing to me as well. In this scenario we have
> the establishing of a vpn connection (udp port 4500), following this is
> an attempt to establish a l2tp connection (udp port 1701 encapsulated
> in the vpn tunnel).

I think you're missing a rule accepting traffic entering the VPN connection interface. Try adding ACCEPT in INPUT or MARK 0x1 in PREROUTING for udp dport 1701. Alternatively you can MARK/ACCEPT incoming traffic on the VPN interface (e.g. tap0 - vpn interface, then -i tap0). The same will apply to traffic coming in on the l2tp interface if you are going to terminate the connection on the very same box.

Hope that helps.

Regards,
Marek
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
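A ruleset along the lines Marek describes, added here as an example that is not part of his mail or the list thread. It assumes eth0 is the public interface, tap0 the VPN interface (the name used in the mail) and ppp+ the PPP interfaces the L2TP daemon creates when the connection terminates on the same box; it only prints the iptables commands so they can be reviewed before being piped to a root shell.

```shell
#!/bin/sh
# Added example, not the mail's own rules. Assumed names: eth0 = public
# interface, tap0 = VPN interface (from the mail), ppp+ = PPP interfaces
# of an L2TP daemon running on this same box.
WAN_IF=${WAN_IF:-eth0}
VPN_IF=${VPN_IF:-tap0}

# Case A: L2TP over IPsec in transport mode. There is no VPN interface;
# decapsulated UDP 1701 packets reappear on the public interface.
ipsec_input_rules() {
    # IKE, NAT-T and ESP: what builds the tunnel in the first place.
    echo "iptables -A INPUT -i $WAN_IF -p udp --dport 500 -j ACCEPT"
    echo "iptables -A INPUT -i $WAN_IF -p udp --dport 4500 -j ACCEPT"
    echo "iptables -A INPUT -i $WAN_IF -p esp -j ACCEPT"
    # UDP 1701 only when it came out of an IPsec SA (policy match), so
    # plain-text L2TP from the Internet still falls to the chain policy.
    echo "iptables -A INPUT -i $WAN_IF -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT"
}

# Case B: the VPN has its own interface (tap0), as in the mail: accept
# what enters on it, and likewise on the L2TP/PPP interfaces.
vpn_iface_input_rules() {
    echo "iptables -A INPUT -i $VPN_IF -j ACCEPT"
    echo "iptables -A INPUT -i ppp+ -j ACCEPT"
}

# The MARK variant from the mail, for firewalls whose INPUT chain accepts
# packets carrying mark 0x1 instead of per-port ACCEPT rules.
vpn_mark_rules() {
    echo "iptables -t mangle -A PREROUTING -i $WAN_IF -p udp --dport 1701 -m policy --dir in --pol ipsec -j MARK --set-mark 0x1"
    echo "iptables -t mangle -A PREROUTING -i $VPN_IF -j MARK --set-mark 0x1"
    echo "iptables -A INPUT -m mark --mark 0x1 -j ACCEPT"
}

# Usage (as root, after reading the output):  sh vpnrules.sh | sh
ipsec_input_rules
vpn_iface_input_rules
```

Use either case A or case B for the ACCEPT rules, not both; the mark rules replace the ACCEPT rules rather than complementing them.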