[Openswan Users] iptables configuration
Willie Gillespie
wgillespie+openswan at es2eng.com
Mon Aug 20 07:34:18 EDT 2012
On 8/20/2012 3:31 AM, alireza sadeh seighalan wrote:
> Hi everyone,
>
> How can I configure iptables for VPN servers (like L2TP over IPsec)?
> I am confused. What should I route or forward? Would you give me an
> example? I want to know in 2 situations:
> 1- VPN server behind NAT
> 2- VPN server has a public IP address
>
> Thanks in advance

Usually I see it set up where the L2TP server is on the same machine as
Openswan. So it's a program running on the computer listening on UDP
port 1701.

So something like:

    -A INPUT -m policy --dir in --pol ipsec -p udp --dport 1701 -j ACCEPT

(allows packets to the computer on udp port 1701, but only if they used
to be IPsec encapsulated)

If you are using xl2tpd, then you can allow the ppp+ interfaces to
forward packets. In one direction, something like:

    -A FORWARD -i ppp+ -p all -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Willie
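
Added example, not part of the original message: a shell check that scans a rule list for any ACCEPT rule on udp/1701 that is missing the IPsec policy match described in the reply above. The rulesets are constructed samples; the udp/500, udp/4500 and ESP rules and the function names are assumptions, not taken from the post.

```sh
#!/bin/sh
# Added example (not from the original post): flag iptables rules that accept
# L2TP (udp/1701) without requiring that the packet arrived through IPsec.

# Constructed ruleset in the same rule syntax as the post. The IKE (udp/500),
# NAT-T (udp/4500) and ESP lines are assumptions about a typical server.
GOOD_RULES='-A INPUT -p udp --dport 500 -j ACCEPT
-A INPUT -p udp --dport 4500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -m policy --dir in --pol ipsec -p udp --dport 1701 -j ACCEPT
-A FORWARD -i ppp+ -p all -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT'

# Constructed ruleset with one extra rule that exposes xl2tpd in the clear.
BAD_RULES="$GOOD_RULES
-A INPUT -p udp -m udp --dport 1701 -j ACCEPT"

# Print each ACCEPT rule for udp/1701 that lacks "-m policy ... --pol ipsec".
# Exit status 0 = none found, 1 = at least one unprotected rule.
# Limitation: only single-port --dport matches are checked, not multiport/ranges.
unprotected_l2tp_rules() {
    printf '%s\n' "$1" | awk '
        /^-A / && /-p udp/ && /--dport 1701( |$)/ && /-j ACCEPT/ {
            if ($0 !~ /-m policy / || $0 !~ /--pol ipsec/) { print; bad = 1 }
        }
        END { exit bad + 0 }'
}

report() {  # $1 = label, $2 = ruleset text
    if unprotected_l2tp_rules "$2" >/dev/null; then
        echo "$1: udp/1701 only accepted after IPsec decapsulation"
    else
        echo "$1: udp/1701 reachable without IPsec:"
        unprotected_l2tp_rules "$2" || true
    fi
}

report good "$GOOD_RULES"
report bad "$BAD_RULES"
```

On a live server the same function can be fed the text of a saved rules file instead of the constructed samples.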