VPN rules

[P. Harlow]

It depends on the type of VPN you are using.

IPSec based VPNs typically use:

UDP 500 - IPSec negotiation
IP 51 - Authentication Header (AH) for IPSec negotiation
IP 50 - IPSec data

PPTP based VPNs typically use:

IP 47 - General Routing Encapsulation (GRE)PPTP data channel
TCP 1723 - PPTP control channel

You are going to want to figure out which type of VPN you are using and
allow for those ports. I would assume that since you're getting
authentication requests with port 500 open however your TCP 500 causes me to
wonder what type of VPN you have.

-----Original Message-----
From: netfilter-bounces at lists.netfilter.org
[mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of Eduardo Ukstin
Sent: Wednesday, January 04, 2006 3:18 PM
To: netfilter at lists.netfilter.org
Subject: VPN rules

Hi

I´m trying to configure a subnet into my network to access a VPN
outside here. The vpn uses port 500, just the forward rules doesn´t
seem to work, my rule was this

iptables -A INPUT -i eth1 -p tcp -s xx.xx.xx.xx/24 --dport 500 -j
ACCEPT (after a established, related rule)

and

iptables -A FORWARD -i eth1 -s xx.xx.xx.xx/24 -p tcp --dport 500 -j
ACCEPT (also, after a established, related rule)

I think its enough, and sometimes the stations could connect very
well, but now, the vpn client start the connection and after the user
and password requisition he starts to try a reconnection.

I read something about protocol 47 (option -p 47) I need to use it?
Need some special patch in iptables or what?

Thanks a lot

--
Eduardo Ukstin
GNU/Linux User #328388