wolf-r1 at wispertel.net
Thu Jan 5 00:25:54 CET 2006
It depends on the type of VPN you are using.
IPSec based VPNs typically use:
UDP 500 - IPSec negotiation
IP 51 - Authentication Header (AH) for IPSec negotiation
IP 50 - IPSec data
PPTP based VPNs typically use:
IP 47 - Generic Routing Encapsulation (GRE) PPTP data channel
TCP 1723 - PPTP control channel
You are going to want to figure out which type of VPN you are using and
allow for those ports. I would assume that, since you're getting
authentication requests, port 500 is open; however, your TCP 500 causes me
to wonder what type of VPN you have.
From: netfilter-bounces at lists.netfilter.org
[mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of Eduardo Ukstin
Sent: Wednesday, January 04, 2006 3:18 PM
To: netfilter at lists.netfilter.org
Subject: VPN rules
I'm trying to configure a subnet in my network to access a VPN outside
of here. The VPN uses port 500, but the forward rules don't seem to
work. My rules were these:
iptables -A INPUT -i eth1 -p tcp -s xx.xx.xx.xx/24 --dport 500 -j ACCEPT
(after an ESTABLISHED,RELATED rule)
iptables -A FORWARD -i eth1 -s xx.xx.xx.xx/24 -p tcp --dport 500 -j ACCEPT
(also after an ESTABLISHED,RELATED rule)
I think it's enough, and sometimes the stations could connect very
well, but now the VPN client starts the connection and, after the user
and password request, it starts to try a reconnection.
I read something about protocol 47 (option -p 47). Do I need to use it?
Do I need some special patch in iptables, or what?
Thanks a lot
GNU/Linux User #328388
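The port and protocol list in the reply, turned into a forwarding rule set, as an added example that is not part of either message in this thread. It emits the FORWARD rules a gateway needs for a client subnet to reach an external VPN of either type the reply describes: IKE on UDP 500 (not TCP, which is what the posted rules matched), then ESP (IP 50) and AH (IP 51) for IPSec; TCP 1723 and GRE (IP 47) for PPTP. It also allows UDP 4500 (IPSec NAT-Traversal), which the reply does not mention but which IKE and ESP switch to when a NAT sits between the client and the gateway. The interface name, subnet, and gateway address are placeholders; IPTABLES defaults to a dry run that prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example (not from the thread): FORWARD rules for a LAN subnet that
# must reach a remote VPN gateway through this firewall.
# Dry run by default; run with IPTABLES=iptables (as root) to apply.
IPTABLES="${IPTABLES:-echo iptables}"

# vpn_rules TYPE LAN_IF SUBNET VPN_SERVER
#   TYPE        ipsec | pptp
#   LAN_IF      interface facing the client subnet (eth1 in the thread)
#   SUBNET      client subnet, e.g. 192.0.2.0/24 (placeholder)
#   VPN_SERVER  remote VPN gateway address (placeholder); restricting -d to
#               it keeps the hole as small as the VPN needs
vpn_rules() {
    vpn_type=$1 lan_if=$2 subnet=$3 server=$4

    # Replies for every protocol below are matched once by conntrack;
    # ESP/AH/GRE carry no ports, so conntrack tracks them by IP pair only.
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    case $vpn_type in
    ipsec)
        # IKE negotiation is UDP 500 (the posted rules matched TCP 500).
        $IPTABLES -A FORWARD -i "$lan_if" -s "$subnet" -d "$server" \
            -p udp --dport 500 -j ACCEPT
        # NAT-T: IKE and ESP move to UDP 4500 when a NAT is on the path.
        # (Assumption added here; not mentioned in the reply.)
        $IPTABLES -A FORWARD -i "$lan_if" -s "$subnet" -d "$server" \
            -p udp --dport 4500 -j ACCEPT
        # Tunnelled data: IP protocol 50 (ESP) and 51 (AH). No --dport here;
        # these are not TCP or UDP, so only the protocol number can match.
        $IPTABLES -A FORWARD -i "$lan_if" -s "$subnet" -d "$server" \
            -p 50 -j ACCEPT
        $IPTABLES -A FORWARD -i "$lan_if" -s "$subnet" -d "$server" \
            -p 51 -j ACCEPT
        ;;
    pptp)
        # Control channel is TCP 1723; the data channel is GRE, IP protocol 47.
        $IPTABLES -A FORWARD -i "$lan_if" -s "$subnet" -d "$server" \
            -p tcp --dport 1723 -j ACCEPT
        $IPTABLES -A FORWARD -i "$lan_if" -s "$subnet" -d "$server" \
            -p 47 -j ACCEPT
        ;;
    *)
        echo "vpn_rules: unknown VPN type '$vpn_type' (use ipsec or pptp)" >&2
        return 1
        ;;
    esac
}

# Usage: sh this_script.sh ipsec eth1 192.0.2.0/24 203.0.113.1
if [ "$#" -eq 4 ]; then
    vpn_rules "$@"
fi
```

The INPUT rule from the original post only matters if the firewall itself is the VPN endpoint; for a subnet behind the firewall reaching an external gateway, it is the FORWARD chain (and, if the LAN is masqueraded, the NAT table) that carries the traffic, and the protocol-50/51 or protocol-47 rules are what a "port 500 only" rule set is missing.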