[Openswan Users] Ports used by Openswan and enable internet browsing from clients

Mateen Fugawala mateen.fugawala at hotmail.com
Tue Jan 25 11:41:05 EST 2011


I did think of that option. However, when I tried to change the sysctl.conf file to enable IP forwarding, my VPN stopped connecting after the change. I even ran sysctl -p to reload the file, but it still fails.
Any idea why? The log files don’t have any new errors; it’s the same as before.

-----Original Message-----
From: Willie Gillespie [mailto:wgillespie+openswan at es2eng.com] 
Sent: Tuesday, January 25, 2011 9:10 PM
To: Mateen Fugawala
Cc: users at openswan.org
Subject: Re: [Openswan Users] Ports used by Openswan and enable internet browing from clients

When your clients connect in using L2TP, they are given an IP address.
From one of your earlier mails, you are giving them an IP in the range of 192.168.1.128 - 192.168.1.254.

Do you have IP forwarding enabled?  Somehow those IP addresses need to be able to access your gateway.

On 01/24/2011 11:26 PM, Mateen Fugawala wrote:
> I have disabled IPTABLES as I don’t really need them. Any other options?
>
> *From:*Indunil Jayasooriya [mailto:indunil75 at gmail.com]
> *Sent:* Tuesday, January 25, 2011 11:45 AM
> *To:* Mateen Fugawala
> *Cc:* Paul Wouters; Willie Gillespie; users at openswan.org
> *Subject:* Re: [Openswan Users] Ports used by Openswan and enable 
> internet browing from clients
>
> On Tue, Jan 25, 2011 at 11:32 AM, Mateen Fugawala
> <mateen.fugawala at hotmail.com> wrote:
>
> How do I get my clients to the internet when connected to the VPN? I 
> believe that is disabled by default?
>
>
> Below rules will do the job.
>
> *DSTVPNNETWORK/16* is the network you access through the VPN tunnel. This
> rule should be placed first.
>
> iptables -t nat -A POSTROUTING -o eth1 -d DSTVPNNETWORK/16 -j ACCEPT
>
>
> Then,
>
> iptables -t nat -A POSTROUTING -o eth1 -s YOURLAN/24 -j SNAT --to-source extipofvpngateway
>
> Pls replace *YOURLAN/24* and *extipofvpngateway* with yours. Pls also 
> note *eth1* is connected to the internet. Pls replace with yours and 
> be happy. If u r happy, I will rejoice it.
>
>
> --
> Thank you
> Indunil Jayasooriya
>
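
The thread raises two conditions: IP forwarding must be on, and the no-NAT rule for the tunnel network must come before the SNAT rule. The script below is an added example, not part of any message in this thread, that checks both; the rule listings and all addresses in it are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. All addresses below are constructed placeholders:
# 10.8.0.0/16 for DSTVPNNETWORK/16, 192.168.1.0/24 for YOURLAN/24,
# 203.0.113.10 for extipofvpngateway.

# Constructed sample of `iptables -t nat -S POSTROUTING` output, exemption first.
GOOD_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -d 10.8.0.0/16 -o eth1 -j ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -o eth1 -j SNAT --to-source 203.0.113.10'

# Same two rules appended in the wrong order.
BAD_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -o eth1 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -d 10.8.0.0/16 -o eth1 -j ACCEPT'

# True when the kernel forwards IPv4 packets. $1 overrides the path for testing.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Reads rules on stdin; $1 is the network reached through the tunnel.
# Prints ok, no-exempt or shadowed; exit status is 0 only for ok.
# Simplification: any SNAT/MASQUERADE rule ahead of the exemption counts as shadowing it.
check_nat_order() {
    awk -v dst="$1" '
        $1 != "-A" { next }
        {
            n++; target = ""; d = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-d") d = $(i + 1)
            }
            if (target == "ACCEPT" && d == dst && !exempt) exempt = n
            if ((target == "SNAT" || target == "MASQUERADE") && !nat) nat = n
        }
        END {
            if (!exempt) { print "no-exempt"; exit 1 }
            if (nat && nat < exempt) { print "shadowed"; exit 1 }
            print "ok"
        }'
}

printf '%s\n' "$GOOD_RULES" | check_nat_order 10.8.0.0/16 || true
printf '%s\n' "$BAD_RULES" | check_nat_order 10.8.0.0/16 || true
forwarding_enabled && echo "ip_forward=1" || echo "ip_forward is not 1"
```

On a live gateway, pipe the real output of `iptables -t nat -S POSTROUTING` into `check_nat_order` with your own tunnel network as the argument.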


