  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 896

How can I set up multiple VPN sessions under masquerade NAT on iptables?

I use CentOS 5.2 as my Linux gateway, which has iptables installed, and there are many clients accessing through this server in order to reach the Internet.
Here is how it is connected:
             Cleints ==> Gateway==> Internet

My problem is that when the first client connects to a VPN server on the Internet, it works fine,
but when a second client connects to the same or another VPN server, it doesn't work.
My Linux box is running CentOS 5.2, kernel 2.6.18-92.el5, iptables 1.4.3.
Here is my masquerade NAT rule:
-A POSTROUTING -o ppp0 -j MASQUERADE

Any ideas? Please suggest. Thanks.

Asked by: neo_cpe
1 Solution
noci (Software Engineer) commented:
I am not sure what VPN solution you use, probably IPsec.
IPsec is defined as using UDP messages FROM port 500 TO port 500 exclusively, so with masquerading this will work only for the first connection.

IPsec has been enhanced to handle this; this is called NAT-T mode. Then all packets are sent to port 4500 without assumptions about the source port.
==> the packets can be MASQUERADEd.
The solution is either you provide the tunnels from your gateway... or you activate NAT-T mode.

noci (Software Engineer) commented:
BTW, IPsec is implemented by KAME/racoon or one of FreeS/WAN or its forks (Openswan or strongSwan).

neo_cpe (Author) commented:
Thank you for your comment. I would like to use both PPTP and IPsec. After I searched related articles on the Internet, I found that the problem might come from a Linux kernel bug and it needs to be patched.
He had the same problem as me >> http://lists.netfilter.org/pipermail/netfilter/2006-January/064346.html

However, I don't know how to use patch-o-matic to patch both the kernel and iptables. Any suggestions? Please help me.

neo_cpe (Author) commented:
Now I found the solution from Google already, by using these commands:
/sbin/modprobe ip_nat_pptp
/sbin/modprobe ip_conntrack_pptp
Kernel 2.6 already solved the problem, but you have to add these 2 modules
to iptables.
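The fix in the last comment (load the PPTP conntrack/NAT helper modules next to the MASQUERADE rule) and noci's NAT-T remark can be turned into a small check script for the gateway. The following is an added example, not code from the thread or from any of the projects named in it. It assumes the 2.6.18 module names from the thread (ip_conntrack_pptp, ip_nat_pptp) and that later kernels renamed them to nf_conntrack_pptp and nf_nat_pptp; the lsmod excerpts it inspects are constructed, and the function names are the example's own. Run with no arguments for an offline demonstration, or `sh script.sh apply ppp0` as root to load the helpers and install the rules.

```shell
#!/bin/sh
# Added example, not code from the thread. It wraps the fix neo_cpe posted
# (loading the PPTP conntrack/NAT helper modules beside the MASQUERADE rule)
# in checks a gateway admin can run. Module names for kernels other than the
# thread's 2.6.18 are an assumption (later kernels renamed them nf_*).

# Print the PPTP helper module names for a kernel release string (uname -r).
# Assumption: 2.6.x kernels before 2.6.20 use the ip_* names from the thread,
# everything newer uses nf_conntrack_pptp / nf_nat_pptp.
pptp_helper_modules() {
    _ver=${1%%-*}                       # "2.6.18-92.el5" -> "2.6.18"
    _maj=${_ver%%.*}
    _rest=${_ver#*.}
    _min=${_rest%%.*}
    _pat=${_rest#*.}
    _pat=${_pat%%.*}
    if [ "$_maj" -eq 2 ] && [ "$_min" -eq 6 ] && [ "$_pat" -lt 20 ]; then
        echo "ip_conntrack_pptp ip_nat_pptp"
    else
        echo "nf_conntrack_pptp nf_nat_pptp"
    fi
}

# Return 0 when every module named in $2 appears in the first column of the
# lsmod output passed as $1, 1 otherwise (the "Module" header never matches).
has_pptp_helpers() {
    for _m in $2; do
        printf '%s\n' "$1" | awk -v m="$_m" '$1 == m { found = 1 } END { exit !found }' || return 1
    done
    return 0
}

# Print the iptables commands: the MASQUERADE rule from the question plus
# FORWARD rules for PPTP control (TCP 1723) and GRE data, and for IPsec with
# NAT-T (UDP 500 and 4500) as noci described. $1 is the outbound interface.
vpn_gateway_rules() {
    echo "iptables -t nat -A POSTROUTING -o $1 -j MASQUERADE"
    echo "iptables -A FORWARD -o $1 -p tcp --dport 1723 -j ACCEPT"
    echo "iptables -A FORWARD -o $1 -p gre -j ACCEPT"
    echo "iptables -A FORWARD -o $1 -p udp -m multiport --dports 500,4500 -j ACCEPT"
    echo "iptables -A FORWARD -i $1 -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Apply on the gateway (needs root): load the helpers, then install the rules.
# Only runs when called explicitly, e.g. `sh script.sh apply ppp0`.
apply_vpn_gateway() {
    for _m in $(pptp_helper_modules "$(uname -r)"); do
        /sbin/modprobe "$_m"
    done
    vpn_gateway_rules "$1" | sh -e
}

# Constructed lsmod excerpts (sizes invented) for the offline demonstration.
SAMPLE_LSMOD_OK='Module                  Size  Used by
ip_nat_pptp             7681  0
ip_conntrack_pptp      11201  1 ip_nat_pptp
iptable_nat             9029  1
ip_nat                 20461  2 ip_nat_pptp,iptable_nat
ip_conntrack           53281  4 ip_conntrack_pptp,iptable_nat,ip_nat'
SAMPLE_LSMOD_MISSING='Module                  Size  Used by
iptable_nat             9029  1
ip_nat                 20461  1 iptable_nat
ip_conntrack           53281  3 iptable_nat,ip_nat'

if [ "${1:-}" = "apply" ]; then
    apply_vpn_gateway "${2:-ppp0}"
else
    MODS=$(pptp_helper_modules "2.6.18-92.el5")
    for sample in "$SAMPLE_LSMOD_OK" "$SAMPLE_LSMOD_MISSING"; do
        if has_pptp_helpers "$sample" "$MODS"; then
            echo "PPTP helpers loaded ($MODS): a second client can connect"
        else
            echo "PPTP helpers missing: run modprobe for $MODS"
        fi
    done
    echo "Rules to install on ppp0:"
    vpn_gateway_rules ppp0
fi
```

The helper check is the part worth keeping around: without ip_conntrack_pptp the kernel cannot tie the GRE data stream to the TCP 1723 control connection, and without ip_nat_pptp it cannot rewrite the call IDs, so only the first client behind the gateway works; the script makes that state visible before anyone touches the rules.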