[Openswan Users] l2tp firewall kernel 26

Brett Curtis dashnu at gmail.com
Tue Jun 28 10:29:17 CEST 2005


I created my own custom chains and added them to the proper input /
output / forward. You could try this:

# External Input VPN Access
$IPT -N external-vpn-traffic
$IPT -F external-vpn-traffic
$IPT -A external-vpn-traffic -i $EXTIF -m mark --mark 1 -j ACCEPT
$IPT -A external-vpn-traffic -d $EXTIP -p udp -m udp --dport 500 \
  -j ACCEPT
$IPT -A external-vpn-traffic -p esp -j ACCEPT

# Output l2tp traffic
$IPT -N allow-l2tp-traffic-out
$IPT -F allow-l2tp-traffic-out
$IPT -A allow-l2tp-traffic-out -s $EXTIP -p udp -m udp --sport 1701 \
  -j ACCEPT

# Output VPN traffic chain
$IPT -N allow-vpn-traffic-out
$IPT -F allow-vpn-traffic-out
$IPT -A allow-vpn-traffic-out -s $EXTIP -p udp -m udp --dport 500 \
  -j ACCEPT

# Output esp packets
$IPT -N allow-esp-traffic-out
$IPT -F allow-esp-traffic-out
$IPT -A allow-esp-traffic-out -p esp -j ACCEPT

# Rule for VPN (Ipsec/l2tp)
$IPT -t mangle -A PREROUTING -i $EXTIF -p esp -j MARK --set-mark 1


On 6/28/05, sasa <sasa at shoponweb.it> wrote:
> Hi, where can I find a how-to about firewall (iptables-based) configuration to enable l2tp traffic on a box with kernel 2.6 (Fedora Core 3) and openswan 2.3.1 (I don't use the ipsec0 interface)?
> Thanks.
> 
>         Salvatore.
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
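The mark-based scheme from the post above, written out as a complete, re-runnable script (an added example, not the poster's own script): it includes the hook-up of the custom chains into INPUT and OUTPUT that the post mentions but does not show, and it tightens the input side so that UDP 1701 is accepted only when the packet carries the mark set on inbound ESP, so cleartext L2TP from the Internet is dropped. IPT, EXTIF and EXTIP are assumed variables with constructed defaults; set IPT="echo iptables" to preview the rules without root.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed variables:
IPT="${IPT:-iptables}"
EXTIF="${EXTIF:-eth0}"
EXTIP="${EXTIP:-192.0.2.10}"   # constructed documentation address

# Create a chain if it is missing, then flush it, so reruns are idempotent.
fresh_chain() {
    $IPT -N "$1" 2>/dev/null
    $IPT -F "$1"
}

vpn_rules() {
    # Tag ESP arriving on the external interface. The post relies on the
    # decrypted inner packet keeping this mark when it re-enters the stack
    # on a 2.6 kernel with native IPsec (no ipsec0 interface).
    $IPT -t mangle -A PREROUTING -i "$EXTIF" -p esp -j MARK --set-mark 1

    fresh_chain external-vpn-traffic
    # IKE and ESP to the external address from anywhere.
    $IPT -A external-vpn-traffic -d "$EXTIP" -p udp --dport 500 -j ACCEPT
    $IPT -A external-vpn-traffic -d "$EXTIP" -p esp -j ACCEPT
    # L2TP only when it was carried inside ESP (marked); unmarked, i.e.
    # cleartext, L2TP is dropped explicitly rather than left to chance.
    $IPT -A external-vpn-traffic -m mark --mark 1 -p udp --dport 1701 -j ACCEPT
    $IPT -A external-vpn-traffic -p udp --dport 1701 -j DROP

    fresh_chain allow-vpn-traffic-out
    $IPT -A allow-vpn-traffic-out -s "$EXTIP" -p udp --dport 500 -j ACCEPT
    $IPT -A allow-vpn-traffic-out -p esp -j ACCEPT
    $IPT -A allow-vpn-traffic-out -s "$EXTIP" -p udp --sport 1701 -j ACCEPT

    # Hook the custom chains into the built-ins (left implicit in the post).
    $IPT -A INPUT -i "$EXTIF" -j external-vpn-traffic
    $IPT -A OUTPUT -o "$EXTIF" -j allow-vpn-traffic-out
}

# Apply only when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "apply" ]; then
    vpn_rules
fi
```

Preview with `IPT="echo iptables" sh vpn-rules.sh apply`, then check the live result with `iptables -L external-vpn-traffic -v -n` to confirm the mark rule precedes the DROP.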

