Solved

Shorewall & Windows VPN

Posted on 2006-06-12
5
653 Views
Last Modified: 2010-04-22
Hi Experts,

I've set up a remote Windows 2003 VPN server, and my gateway (Shorewall NAT/firewalled) is a Linux box. The problem is that my internal LAN cannot initiate VPN connections to the Win2003 VPN server. I can dial, but when it reaches verifying username and password it stops. I think there are ports that need to be opened in my firewall. Experts, your answers are all welcome.

WinXP VPN Client  --> Linux BOX (shorewall NAT/firewalled) --> Win2003VPNServer


Thank you.
0
Question by:marvelsoft
5 Comments
 
LVL 16

Expert Comment

by:Blaz
ID: 16899948
For Microsoft VPN you need to open two things:
- tcp traffic to port 1723
- protocol 47 traffic

So in iptables the rules would be (the third should be already covered by ESTABLISHED):

-A FORWARD -d MS_VPN_firewall -p tcp --dport 1723 -j ACCEPT
-A FORWARD -d MS_VPN_firewall -p 47 -j ACCEPT
-A FORWARD -s MS_VPN_firewall -p tcp --sport 1723 -j ACCEPT
-A FORWARD -s MS_VPN_firewall -p 47 -j ACCEPT


My guess is you are letting through the tcp stuff (authentication, control) but are blocking the protocol 47 (data).
0
 

Author Comment

by:marvelsoft
ID: 16901433
Hi Blaz,

I'm using the Shorewall firewall. What is the equivalent code for this in Shorewall?

0
 

Author Comment

by:marvelsoft
ID: 16901652
What is in MS_VPN_firewall?
0
 
LVL 16

Expert Comment

by:Blaz
ID: 16901702
I don't know exactly. Like I said, you must allow protocol 47 through.

This might be set in the rules configuration file:
#ACTION  SOURCE   DEST             PROTO
ACCEPT   net      MS_VPN_firewall  47
0
 
LVL 16

Accepted Solution

by:
Blaz earned 85 total points
ID: 16901719
Clicked submit too soon...

#ACTION  SOURCE              DEST                PROTO
ACCEPT   loc                 MS_VPN_firewall_IP  47
ACCEPT   MS_VPN_firewall_IP  loc                 47


MS_VPN_firewall_IP is the IP of the firewall you are connecting to.
0
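
An added example (not from the thread or from Shorewall): a shell function that reads `iptables-save`-style rules on stdin and reports which of the PPTP flows listed in the answers above (tcp/1723 control, protocol 47 data in both directions) are not explicitly accepted for a given server. The address 203.0.113.10 and both rule sets are constructed; the check only considers FORWARD rules that name the server, so ESTABLISHED/RELATED matches and broader rules are not credited.

```shell
#!/bin/sh
# Audit FORWARD rules (iptables-save format on stdin) for the flows a PPTP
# client behind the gateway needs towards server $1.
# Prints one line per missing flow; returns 0 only when nothing is missing.
pptp_forward_gaps() {
    awk -v srv="$1" '
        # True if the value after flag is the server address (bare or /32).
        function addr(flag,   i) {
            for (i = 1; i < NF; i++)
                if ($i == flag && ($(i+1) == srv || $(i+1) == (srv "/32"))) return 1
            return 0
        }
        # True if the rule contains "flag val" as adjacent words.
        function opt(flag, val,   i) {
            for (i = 1; i < NF; i++)
                if ($i == flag && $(i+1) == val) return 1
            return 0
        }
        $1 == "-A" && $2 == "FORWARD" && opt("-j", "ACCEPT") {
            gre = opt("-p", "47") || opt("-p", "gre")   # iptables-save prints "gre"
            if (opt("-p", "tcp") && opt("--dport", "1723") && addr("-d")) ctl = 1
            if (gre && addr("-d")) out = 1
            if (gre && addr("-s")) back = 1
        }
        END {
            if (!ctl)  print "missing: tcp/1723 to " srv " (PPTP control)"
            if (!out)  print "missing: protocol 47 (GRE) to " srv
            if (!back) print "missing: protocol 47 (GRE) from " srv
            exit !(ctl && out && back)
        }'
}

# Constructed sample: control channel allowed, GRE forgotten
# (matches the symptom in the question: stops at verifying credentials).
SAMPLE_TCP_ONLY='-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 203.0.113.10/32 -p tcp -m tcp --dport 1723 -j ACCEPT'

# Constructed sample: the four iptables rules from the first answer, with the
# MS_VPN_firewall placeholder replaced by the constructed address.
SAMPLE_FULL='-A FORWARD -d 203.0.113.10 -p tcp --dport 1723 -j ACCEPT
-A FORWARD -d 203.0.113.10 -p 47 -j ACCEPT
-A FORWARD -s 203.0.113.10 -p tcp --sport 1723 -j ACCEPT
-A FORWARD -s 203.0.113.10 -p 47 -j ACCEPT'

printf '%s\n' "$SAMPLE_TCP_ONLY" | pptp_forward_gaps 203.0.113.10 || true
```

On a live gateway the same function can be fed from `iptables-save -t filter`, which also shows the rules Shorewall generated from its rules file.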

Question has a verified solution.