[Openswan Users] iptables configuration

Dariush Zahedmanesh zahedmanesh at gmail.com
Tue Aug 21 01:44:14 EDT 2012


Hi,
We've written a book on Openswan and OpenVPN in Iran.
This book is available in various configurations and practical examples.
http://www.fardab.com/shop.html?task=detailproduct&id=13620

On Mon, Aug 20, 2012 at 11:34 AM, Willie Gillespie <
wgillespie+openswan at es2eng.com> wrote:

> On 8/20/2012 3:31 AM, alireza sadeh seighalan wrote:
>
>> Hi everyone,
>>
>> How can I configure iptables for VPN servers (like L2TP over IPsec)?
>> I'm confused. What should I route or forward? Would you give me an
>> example? I want to know for 2 situations:
>> 1- VPN server behind NAT
>> 2- VPN server has a public IP address
>>
>> Thanks in advance
>>
>
> Usually I see it set up where the L2TP server is on the same machine as
> Openswan.  So it's a program running on the computer listening on UDP port
> 1701.
>
> So something like:
> -A INPUT -m policy --dir in --pol ipsec -p udp --dport 1701 -j ACCEPT
> (allows packets to the computer on udp port 1701, but only if they used to
> be IPsec encapsulated)
>
> If you are using xl2tpd, then you can allow the ppp+ interfaces to forward
> packets.  In one direction, something like:
> -A FORWARD -i ppp+ -p all -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
>
> Willie



-- 
Best regards
Dariush Zahedmanesh
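
A check that complements the INPUT rule quoted above, as an added example that is not part of the original thread: it reads iptables-save output and flags INPUT rules that accept UDP 1701 without the "-m policy --dir in --pol ipsec" match, which would expose the L2TP daemon to unencrypted traffic. The function names and the sample ruleset are assumptions constructed for illustration, and only rules that name port 1701 (singly, in a range, or in a multiport list) are examined.

```shell
#!/bin/sh
# Added example (not from the thread): flag INPUT rules that ACCEPT UDP 1701
# without the "-m policy --dir in --pol ipsec" match used in the quoted rule.

# Reads iptables-save output on stdin. Prints "UNPROTECTED: <rule>" for each
# offending rule; returns 1 if any was found, 0 otherwise.
audit_l2tp_rules() {
    awk '
    # True when a port argument (single port, a:b range, or a
    # comma-separated multiport list) covers UDP port 1701.
    function covers_l2tp(spec,    n, parts, i, r) {
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, ":") == 2) {
                if (r[1] + 0 <= 1701 && 1701 <= r[2] + 0) return 1
            } else if (parts[i] + 0 == 1701) return 1
        }
        return 0
    }
    $1 == "-A" && $2 == "INPUT" && /-p udp/ && /-j ACCEPT/ {
        hit = 0
        # Walk the options; a negated port match ("! --dport") is skipped.
        for (f = 3; f < NF; f++)
            if ($f ~ /^--(dports?|destination-ports?)$/ && $(f - 1) != "!" && covers_l2tp($(f + 1)))
                hit = 1
        if (!hit) next
        # Safe only if the rule requires inbound IPsec-decapsulated traffic.
        if ($0 ~ /-m policy/ && $0 ~ /--dir in/ && $0 ~ /--pol ipsec/) next
        print "UNPROTECTED: " $0
        bad++
    }
    END { exit (bad > 0) }
    '
}

# Constructed sample ruleset in iptables-save format (not a real host).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p udp -m policy --dir in --pol ipsec -m udp --dport 1701 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j ACCEPT
-A INPUT -p udp -m multiport --dports 500,1701,4500 -j ACCEPT
-A INPUT -p udp -m udp --dport 1700:1710 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_l2tp_rules || echo "ruleset accepts L2TP outside IPsec"
```

On a live server the same function can be fed with `iptables-save | audit_l2tp_rules`.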