Vpn Server Problems


steveomach3ww
18th January 2007, 21:07
I just did a "Set Up Ubuntu-Server 6.10 As A Firewall/Gateway For Your Small Business Environment" howto and I am having problems connecting to the VPN server and wondered if anyone had any ideas. Here is the log.

Jan 18 13:06:47 fireviper pptpd[23519]: MGR: Manager process started
Jan 18 13:06:47 fireviper pptpd[23519]: MGR: Maximum of 10 connections available
Jan 18 13:06:52 fireviper kernel: [42960346.620000] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:07:95:de:47:5e:00:d0:b7:0e:70:f1:08:00 SRC= DST=192.168.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=31844 DF PROTO=TCP SPT=59081 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 18 13:06:55 fireviper kernel: [42960349.620000] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:07:95:de:47:5e:00:d0:b7:0e:70:f1:08:00 SRC=1 DST=192.168.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=31846 DF PROTO=TCP SPT=59081 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 18 13:07:01 fireviper kernel: [42960355.650000] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:07:95:de:47:5e:00:d0:b7:0e:70:f1:08:00 SRC= DST=192.168.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=31853 DF PROTO=TCP SPT=59081 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0

steveomach3ww
18th January 2007, 21:31
OK, after shutting down the firewall I was able to connect to the VPN server, so I know that it is a problem with my firewall. I just don't know how to put the rule in there to connect to the firewall.

steveomach3ww
19th January 2007, 00:22
Finally found the answer. Here is how I was able to get it to work, just in case anyone else has the same problem.


Add these lines to the files:
/etc/shorewall/tunnels:

#TYPE       ZONE  GATEWAY    GATEWAY ZONE
pptpserver  net   0.0.0.0/0

/etc/shorewall/interfaces:

#ZONE  INTERFACE  BROADCAST  OPTIONS
loc    ppp+

If you have a single external IP address, add the following to your /etc/shorewall/rules file:

/etc/shorewall/rules:

#ACTION  SOURCE  DEST                  PROTO  DEST PORT(S)
DNAT     net     loc:<server address>  tcp    1723
DNAT     net     loc:<server address>  47

If you have multiple external IP addresses and you want to forward a single <external address>, add the following to your /etc/shorewall/rules file:

/etc/shorewall/rules:

#ACTION  SOURCE  DEST                  PROTO  DEST PORT(S)  SOURCE   ORIGINAL
#                                                           PORT(S)  DEST
DNAT     net     loc:<server address>  tcp    1723          -        <external address>
DNAT     net     loc:<server address>  47     -             -        <external address>

You will also want to add this entry to your /etc/shorewall/masq file:

#INTERFACE            SUBNET            ADDRESS             PROTO
<external interface>  <server address>  <external address>  47

Important

Be sure that the above entry comes before any other entry that might match the server's address.
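
Added example, not part of the original thread: a small Python parser for Shorewall log lines like the ones in the first post, which counts blocked packets for both halves of PPTP, the TCP 1723 control connection and the protocol 47 (GRE) data channel that the rules above open. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Shorewall's log prefix is "Shorewall:<chain>:<disposition>:", followed by
# netfilter's KEY=value fields (bare flags such as SYN or DF carry no "=").
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[A-Z]+):")
FIELD = re.compile(r"(\w+)=(\S*)")  # value may be empty, e.g. "OUT= "

def parse(line):
    """Return the packet fields of a Shorewall log line, or None for other lines."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rec = dict(FIELD.findall(line[m.end():]))
    rec["chain"], rec["disp"] = m.group("chain"), m.group("disp")
    return rec

def pptp_part(rec):
    """Name the half of PPTP a packet belongs to, or None if it is not PPTP."""
    if rec.get("PROTO") == "TCP" and rec.get("DPT") == "1723":
        return "control tcp/1723"
    if rec.get("PROTO") == "47":  # GRE has no name in netfilter logs, only its number
        return "data GRE/47"
    return None

def blocked_pptp(lines):
    """Count dropped or rejected PPTP packets per (chain, PPTP half)."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["disp"] in ("DROP", "REJECT"):
            part = pptp_part(rec)
            if part:
                hits[(rec["chain"], part)] += 1
    return hits

# Constructed sample lines (203.0.113.7 is a documentation address).
K = "Jan 18 13:06:52 fireviper kernel: [42960346.620000] Shorewall:"
IP = "IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.2.1 LEN=48 TTL=127 DF "
SAMPLE = [
    "Jan 18 13:06:47 fireviper pptpd[23519]: MGR: Manager process started",
    K + "net2fw:DROP:" + IP + "PROTO=TCP SPT=59081 DPT=1723 SYN URGP=0",
    K + "net2fw:DROP:" + IP + "PROTO=TCP SPT=59081 DPT=1723 SYN URGP=0",
    K + "net2fw:DROP:" + IP + "PROTO=47",
    K + "net2fw:DROP:" + IP + "PROTO=TCP SPT=40022 DPT=22 SYN URGP=0",
    K + "loc2net:ACCEPT:" + IP + "PROTO=TCP SPT=40100 DPT=1723 SYN URGP=0",
]

if __name__ == "__main__":
    for (chain, part), n in sorted(blocked_pptp(SAMPLE).items()):
        print(f"{chain}: {n} blocked PPTP {part} packet(s)")
```

Run it against the kernel log after changing the rules: a remaining `data GRE/47` count means the control connection is allowed but the tunnel's data packets are still being dropped.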