Hi,<br>
We&#39;ve written a book on OpenSwan and OpenVPN in Iran.<br>
This book is available in various configurations and practical examples.<br>

<a href="http://www.fardab.com/shop.html?task=detailproduct&amp;id=13620">http://www.fardab.com/shop.html?task=detailproduct&amp;id=13620</a><br><br><div class="gmail_quote">On Mon, Aug 20, 2012 at 11:34 AM, Willie Gillespie <span dir="ltr">&lt;<a href="mailto:wgillespie+openswan@es2eng.com" target="_blank">wgillespie+openswan@es2eng.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On 8/20/2012 3:31 AM, alireza sadeh seighalan wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi everyone,<br>
<br>
How can I configure iptables for VPN servers (like L2TP over IPsec)?<br>
I am confused. What should I route or forward? Would you give me an<br>
example? I want to know in 2 situations:<br>
1- VPN server behind NAT<br>
2- VPN server has public IP address<br>
<br>
Thanks in advance<br>
</blockquote>
<br></div></div>
Usually I see it set up where the L2TP server is on the same machine as Openswan.  So it&#39;s a program running on the computer listening on UDP port 1701.<br>
<br>
So something like:<br>
-A INPUT -m policy --dir in --pol ipsec -p udp --dport 1701 -j ACCEPT<br>
(allows packets to the computer on udp port 1701, but only if they used to be IPsec encapsulated)<br>
<br>
If you are using xl2tpd, then you can allow the ppp+ interfaces to forward packets.  In one direction, something like:<br>
-A FORWARD -i ppp+ -p all -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT<br>
<br>
<br>
Willie<br>
_______________________________________________<br>
<a href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a><br>
<a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
Building and Integrating Virtual Private Networks with Openswan:<br>
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
</blockquote></div><br><br clear="all"><br>-- <br><div style="text-align:left">Best regards<br>Dariush Zahedmanesh</div><br>
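Added example, not part of any message in this thread: the two rules quoted above placed in a complete iptables-restore ruleset for the public-address case, plus a check that flags any INPUT rule accepting UDP 1701 without the IPsec policy match. The default-drop policies, the rule order, the reverse ppp+ rule and the function names are assumptions; UDP 500, UDP 4500 and ESP are the standard IKE, NAT-T and IPsec values.

```shell
#!/bin/sh
# Added example (assumed layout): L2TP/IPsec server with a public address.
# Behind NAT the same host rules apply; the NAT device forwards UDP 500 and
# 4500 to the server and ESP arrives encapsulated in UDP 4500.
l2tp_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp --dport 500 -j ACCEPT
-A INPUT -p udp --dport 4500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -m policy --dir in --pol ipsec -p udp --dport 1701 -j ACCEPT
-A INPUT -p udp --dport 1701 -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ppp+ -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save style text on stdin and prints every INPUT rule that
# accepts UDP 1701 without "--pol ipsec". Exit status is 1 if any is found.
# Limitation: only explicit --dport 1701 rules are examined, not multiport
# or catch-all ACCEPT rules.
cleartext_l2tp_rules() {
    awk '/^-A INPUT / && /--dport 1701( |$)/ && /-j ACCEPT/ && !/--pol ipsec/ {
             print; bad = 1
         }
         END { exit bad + 0 }'
}

# Check the generated ruleset before loading it.
# To apply (as root): l2tp_ruleset | iptables-restore
if l2tp_ruleset | cleartext_l2tp_rules; then
    echo "ok: UDP 1701 is accepted only after IPsec decapsulation"
fi
```

The explicit DROP for UDP 1701 sits ahead of the generic ESTABLISHED,RELATED rule so that a cleartext packet can never reach the L2TP daemon through connection tracking.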