  1. #1
    Just Joined!
    Join Date
    Aug 2006
    Location
    BC
    Posts
    2

    Problem with VPN connection


    I recently set up Ubuntu Server 6.06 Dapper Drake as a router for my network. I set up Linux Firewall, BIND DNS, and DHCP server through Webmin. I then used vpnc to connect to a Cisco VPN concentrator. I can ping IPs inside the corporate network using my Linux box, and I can ping the IP address (192.168.1.214) of the Linux box on the VPN from the other computers behind my Linux box, but I cannot ping other computers (i.e., the DNS server, the primary domain controller) except from the Linux box.

    I set up a route with the command, "sudo ip route add 192.168.1.0/24 via 192.168.1.214 dev tun0", but that does not seem to help the other computers. I'm almost there to making my Ubuntu box a VPN gateway, but I can't seem to "share" the VPN connection. How can I do that?

  2. #2
    Just Joined! forgottentq
    Join Date
    Jun 2006
    Location
    Virginia at the moment.
    Posts
    46
    "Many VPN client programs can be configured to require that all IP traffic must pass through the tunnel while the VPN is active, for better security. From the user's perspective, this means that while the VPN client is active, all access outside their employer's secure network must pass through the same firewall as would be the case while physically connected to the office ethernet."

    Might be an ACL and/or firewall problem... might want to check up on your iptables rules for the tunnel connectivity.

  3. #3
    Just Joined!
    Join Date
    Aug 2006
    Location
    BC
    Posts
    2
    Do you mean that even Internet traffic would go through the tunnel to the remote network and use their gateway to the Internet? It seems like that would introduce a lag time ...

    I've never done anything with ACLs before - is there something in there that would get messed up even if I never touched it?

    My iptables and routing information (below) seem to give the information needed for the network, as it seems to work for the Linux computer. It's just not forwarding that information on ...

    Here is my iptables.save file, generated by Webmin's Linux Firewall GUI:
    # Generated by iptables-save v1.3.3 on Wed Aug 16 09:51:52 2006
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    # Completed on Wed Aug 16 09:51:52 2006
    # Generated by iptables-save v1.3.3 on Wed Aug 16 09:51:52 2006
    *mangle
    :PREROUTING ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    COMMIT
    # Completed on Wed Aug 16 09:51:52 2006
    # Generated by iptables-save v1.3.3 on Wed Aug 16 09:51:52 2006
    *nat
    :FORWARD - [0:0]
    :INPUT - [0:0]
    :PREROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    -A POSTROUTING -o eth1 -j MASQUERADE
    # eth1
    -A INPUT -i eth0 -j ACCEPT
    # lo
    -A INPUT -i lo -j ACCEPT
    # VPN
    -A INPUT -i tun0 -j ACCEPT
    -A OUTPUT -j ACCEPT
    # forward
    -A INPUT -m state -i eth1 --state ESTABLISHED,RELATED -j ACCEPT
    -A FORWARD -p ah -j ACCEPT
    -A FORWARD -p esp -j ACCEPT
    -A FORWARD -p udp -m udp --dport 500 --sport 500 -j ACCEPT
    -A INPUT -i eth1 -j DROP
    # Completed on Wed Aug 16 09:51:52 2006

    My routing information is as follows:
    Kernel IP routing table
    Destination                   Gateway                    Genmask          Flags  Metric  Ref  Use  Iface
    #internet connection
    (Remote Internet DNS server)  (Remote Internet Gateway)  255.255.255.255  UGH    0       0    0    eth1
    (ISP)                         *                          255.255.255.252  U      0       0    0    eth1
    #internal network
    192.168.3.0                   *                          255.255.255.192  U      0       0    0    eth0
    #remote network
    192.168.1.0                   192.168.1.217              255.255.255.0    UG     0       0    0    tun0
    #everything else
    default                       206.191.99.89              0.0.0.0          UG     0       0    0    eth1
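
An added example, not part of the thread or written by its posters: a small audit of an iptables-save dump like the one posted above. It lists rules that sit in user-defined chains nothing jumps to (such rules are never evaluated) and reports which egress interfaces have a source-NAT rule. The sample is a constructed, abbreviated copy of the posted nat section, and the function names are hypothetical.

```python
import shlex

# Constructed sample: abbreviated copy of the *nat section posted above.
SAMPLE = """\
*nat
:FORWARD - [0:0]
:INPUT - [0:0]
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
-A INPUT -i tun0 -j ACCEPT
-A FORWARD -p esp -j ACCEPT
-A INPUT -i eth1 -j DROP
COMMIT
"""

def parse(dump):
    """Return {table: {"user": user-defined chain names, "rules": [(chain, opts)]}}."""
    tables, cur = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"user": set(), "rules": []})
        elif cur is not None and line.startswith(":"):
            name, policy = line[1:].split()[:2]
            if policy == "-":  # a "-" policy marks a user-defined chain
                cur["user"].add(name)
        elif cur is not None and line.startswith("-A "):
            tok = shlex.split(line)
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
                    if tok[i] in ("-i", "-o", "-j", "-g")}
            cur["rules"].append((tok[1], opts))
    return tables

def dead_rules(tables):
    """Rules in user-defined chains that no rule in the same table jumps to."""
    out = []
    for tname, t in tables.items():
        targets = {o.get(k) for _, o in t["rules"] for k in ("-j", "-g")}
        out += [(tname, c, o) for c, o in t["rules"]
                if c in t["user"] and c not in targets]
    return out

def nat_egress(tables):
    """Outbound interfaces with MASQUERADE/SNAT in nat POSTROUTING (None = any)."""
    rules = tables.get("nat", {"rules": []})["rules"]
    return {o.get("-o") for c, o in rules
            if c == "POSTROUTING" and o.get("-j") in ("MASQUERADE", "SNAT")}
```

Run on the posted dump, this flags every INPUT and FORWARD rule in the nat table as unreachable and shows eth1 as the only interface with source NAT, so no rule translates LAN addresses for traffic leaving through tun0.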
