[Openswan Users] iptables configuration

Willie Gillespie wgillespie+openswan at es2eng.com
Mon Aug 20 07:34:18 EDT 2012

On 8/20/2012 3:31 AM, alireza sadeh seighalan wrote:
> hi everyone
>   how can i configure iptables for vpn servers( like l2tp over ipsec) ?
> i confused. what should i route or forward? would you give me an
> example? i want to know in 2 situation:
> 1- vpn server behind nat
> 2- vpn server has public ip address
> thanks in advance

Usually I see it set up where the L2TP server is on the same machine as 
Openswan.  So it's a program running on the computer listening on UDP 
port 1701.

So something like:
-A INPUT -m policy --dir in --pol ipsec -p udp --dport 1701 -j ACCEPT
(allows packets to the computer on udp port 1701, but only if they used 
to be IPsec encapsulated)

If you are using xl2tpd, then you can allow the ppp+ interfaces to 
forward packets.  In one direction, something like:
-A FORWARD -i ppp+ -p all -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


More information about the Users mailing list