Solved

Shorewall & Windows VPN

Posted on 2006-06-12
5
644 Views
Last Modified: 2010-04-22
Hi Experts,

I've setup Remote Windows 2003 VPN Server and my gateway (shorewall NAT/firewalled) is linux box. The problem is my internal LAN cannot initiate VPN connections to Win2003 VPN Server. I can dial but when I reached verifying username and password it stops, I think there are ports to be open in my firewall. Experts your answers are all welcome.

WinXP VPN Client  --> Linux BOX (shorewall NAT/firewalled) --> Win2003VPNServer


Thank you.
0
Comment
Question by:marvelsoft
  • 3
  • 2
5 Comments
 
LVL 16

Expert Comment

by:Blaz
ID: 16899948
For Microsoft VPN you need to open two things:
- tcp traffic to port 1723
- protocol 47 traffic

So in iptables the rules would be (the third should be already covered by ESTABLISHED):

-A FORWARD -d MS_VPN_firewall -p tcp --dport 1723 -j ACCEPT
-A FORWARD -d MS_VPN_firewall -p 47 -j ACCEPT
-A FORWARD -s MS_VPN_firewall -p tcp --sport 1723 -j ACCEPT
-A FORWARD -s MS_VPN_firewall -p 47 -j ACCEPT


My guess is you are letting through the tcp stuff (authentication, control) but are blocking the protocol 47 (data).
0
 

Author Comment

by:marvelsoft
ID: 16901433
HI Blaz,

I'm using shorewall firewall, what is the equivalent code of this in shorewall firewall?

0
 

Author Comment

by:marvelsoft
ID: 16901652
What is in MS_VPN_firewall?
0
 
LVL 16

Expert Comment

by:Blaz
ID: 16901702
I don't know exactly. Like I said you must allow protocol 47 through.

This might be set in rules configuration file:
#ACTION  SOURCE   DEST               PROTO
ACCEPT   net      MS_VPN_firewall 47
0
 
LVL 16

Accepted Solution

by:
Blaz earned 85 total points
ID: 16901719
Clicked submit too soon...

#ACTION  SOURCE                         DEST                         PROTO
ACCEPT   loc                                  MS_VPN_firewall_IP    47
ACCEPT   MS_VPN_firewall_IP         loc                             47


MS_VPN_firewall_IP is the IP of the firewall you are connecting to.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Fine Tune your automatic Updates for Ubuntu / Debian
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question