VPN Server Problems

Discussion in 'Server Operation' started by steveomach3ww, Jan 18, 2007.

  1. steveomach3ww

    steveomach3ww New Member

    I just did a "Set Up Ubuntu-Server 6.10 As A Firewall/Gateway For Your Small Business Environment" howto and I am having problems connecting to the VPN server, and wondered if anyone had any ideas. Here is the log.

    Jan 18 13:06:47 fireviper pptpd[23519]: MGR: Manager process started
    Jan 18 13:06:47 fireviper pptpd[23519]: MGR: Maximum of 10 connections available
    Jan 18 13:06:52 fireviper kernel: [42960346.620000] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:07:95:de:47:5e:00:d0:b7:0e:70:f1:08:00 SRC= DST=192.168.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=31844 DF PROTO=TCP SPT=59081 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
    Jan 18 13:06:55 fireviper kernel: [42960349.620000] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:07:95:de:47:5e:00:d0:b7:0e:70:f1:08:00 SRC=1 DST=192.168.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=31846 DF PROTO=TCP SPT=59081 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
    Jan 18 13:07:01 fireviper kernel: [42960355.650000] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:07:95:de:47:5e:00:d0:b7:0e:70:f1:08:00 SRC= DST=192.168.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=31853 DF PROTO=TCP SPT=59081 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
     
    Last edited: Jan 18, 2007
  2. steveomach3ww

    steveomach3ww New Member

    OK, after shutting down the firewall I was able to connect to the VPN server, so I know that it is a problem with my firewall. I just don't know how to put the rule in there to connect to the firewall.
     
  3. steveomach3ww

    steveomach3ww New Member

    Found the Answer

    Finally found the answer. Here is how I was able to get it to work, just in case anyone else has the same problem.


    Add these lines to the files:
    /etc/shorewall/tunnels:

    #TYPE ZONE GATEWAY GATEWAY ZONE
    pptpserver net 0.0.0.0/0

    /etc/shorewall/interfaces:

    #ZONE INTERFACE BROADCAST OPTIONS
    loc ppp+

    If you have a single external IP address, add the following to your /etc/shorewall/rules file:

    /etc/shorewall/rules:

    #ACTION SOURCE DEST PROTO DEST PORT(S)
    DNAT net loc:<server address> tcp 1723
    DNAT net loc:<server address> 47

    If you have multiple external IP addresses and you want to forward a single <external address>, add the following to your /etc/shorewall/rules file:

    /etc/shorewall/rules:

    #ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE ORIGINAL
    # PORT(S) DEST
    DNAT net loc:<server address> tcp 1723 - <external address>
    DNAT net loc:<server address> 47 - - <external address>

    You will also want to add this entry to your /etc/shorewall/masq file:

    #INTERFACE SUBNET ADDRESS PROTO
    <external interface> <server address> <external address> 47

    Important

    Be sure that the above entry comes before any other entry that might match the server's address.
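
Added example, not part of the original posts: a small Python triage script for Shorewall kernel log lines like those in the first post, reporting which chain blocked PPTP control traffic (TCP 1723) or GRE (IP protocol 47). The sample log is constructed (documentation addresses), and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample, modelled on the kernel lines in the first post.
# Source addresses are documentation ranges; one SRC is blank as in the thread.
SAMPLE_LOG = """\
Jan 18 13:06:47 fireviper pptpd[23519]: MGR: Manager process started
Jan 18 13:06:52 fireviper kernel: [42960346.620000] Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.2.1 LEN=48 TTL=127 ID=31844 DF PROTO=TCP SPT=59081 DPT=1723 SYN URGP=0
Jan 18 13:06:55 fireviper kernel: [42960349.620000] Shorewall:net2fw:DROP:IN=eth0 OUT= SRC= DST=192.168.2.1 LEN=48 TTL=127 ID=31846 DF PROTO=TCP SPT=59081 DPT=1723 SYN URGP=0
Jan 18 13:07:10 fireviper kernel: [42960364.100000] Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.2.1 LEN=61 TTL=127 ID=31860 PROTO=47
Jan 18 13:07:12 fireviper kernel: [42960366.100000] Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.2.1 LEN=60 TTL=52 ID=1201 DF PROTO=TCP SPT=40112 DPT=22 SYN URGP=0
"""

LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):(?P<rest>.*)")
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # value may be empty, e.g. "OUT=" or "SRC="

def pptp_part(fields):
    """Return 'control' (TCP/1723), 'gre' (IP protocol 47) or None."""
    proto = fields.get("PROTO", "").upper()
    if proto == "TCP" and fields.get("DPT") == "1723":
        return "control"
    if proto in ("47", "GRE"):  # the kernel logs GRE by its protocol number
        return "gre"
    return None

def destination_zone(chain):
    """Shorewall chains are named <source zone>2<dest zone>; 'fw' is the firewall."""
    return chain.rpartition("2")[2]

def blocked_pptp(log_text):
    """Count blocked PPTP packets per (chain, disposition, part)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m["disp"] not in ("DROP", "REJECT"):
            continue  # not a Shorewall log line, or not a blocked packet
        fields = dict(FIELD_RE.findall(m["rest"]))
        part = pptp_part(fields)
        if part:
            hits[(m["chain"], m["disp"], part)] += 1
    return hits

if __name__ == "__main__":
    for (chain, disp, part), n in sorted(blocked_pptp(SAMPLE_LOG).items()):
        print(f"{n} x {disp} in {chain} (to zone {destination_zone(chain)}): PPTP {part}")
```

A hit in a chain ending in 2fw means the blocked packet was addressed to the firewall host itself, as in the net2fw lines of the log in the first post.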
     
