[Firewall] IPSEC VPN help, please.

blip42 blip42 at zoho.com
Thu Mar 22 04:42:46 CET 2012


Hello, is there anyone here?

Does anyone have any experience with IPSEC VPN via Arno's Firewall?


I have been trying, unsuccessfully, with version 2.0.1a (now 2.0.1b) to get my work laptop
to connect to our VPN via the Cisco client.



I have the following configuration:


Server:
OS: Slackware64-current with kernel 3.2.7
Running Arno's Firewall 2.0.1b
eth0: External Interface. Gets IP via DHCP
eth1: Internal Interface for internal LAN set at 10.0.2.1


Work Laptop - LAN IP 10.0.2.24
Browses web fine when not connected to VPN
When trying to connect to the VPN it makes it out to the server
at work, but fails to negotiate and establish the VPN.


I have enabled the IPSEC-VPN plugin, and I've opened and forwarded ports.
I am clearly missing something simple because when I search Google
most people with this issue are missing opening a port or allowing the protocol.
As far as I can tell I have done that, but perhaps I missed something.


I am providing the settings from the .conf files that I have touched:


If anyone can shed any light on this, it would be greatly appreciated.
Or if something doesn't look correctly set, like:
do I have the open statements in the wrong section?


Thanks in advance for any replies.
I really don't want to have to write my own,
and this is the last one I found that I actually like and that worked for my needs... mostly.


Sincerely,
Mike


(Commented lines and lines where the value was set as variable="" have been removed to save space)


ipsec-vpn.conf


ENABLED=1
IPSEC_ALLOWED_HOSTS="0/0"
IPSEC_NAT_TRAVERSAL=1


firewall.conf   


EXT_IF="eth0"
EXT_IF_DHCP_IP="1"
EXTERNAL_DHCP_SERVER=0
EXTERNAL_DHCPV6_SERVER=0
INT_IF="eth1"
INTERNAL_NET="10.0.2.1/24"
INTERNAL_NET_ANTISPOOF=1
INT_NET_BCAST_ADDRESS="10.0.2.255"
DMZ_NET_ANTISPOOF=1
NAT="1"
NAT_INTERNAL_NET="$INTERNAL_NET"
NAT_LOCAL_REDIRECT=0
NAT_FORWARD_TCP="500,4500,10000,62515>10.0.2.24"
NAT_FORWARD_UDP="500,4500,10000,62515>10.0.2.24"
NAT_FORWARD_IP="47,50>10.0.2.24"
IP4TABLES="/usr/sbin/iptables"
IP6TABLES="/usr/sbin/ip6tables"
ENV_FILE="/usr/local/share/arno-iptables-firewall/environment"
PLUGIN_BIN_PATH="/usr/local/share/arno-iptables-firewall/plugins"
PLUGIN_CONF_PATH="/etc/arno-iptables-firewall/plugins"
DMESG_PANIC_ONLY=1
MANGLE_TOS=0
SET_MSS=1
TTL_INC=0
USE_IRC=0
LOOSE_FORWARD=0
FORWARD_LINK_LOCAL=0
IPV6_DROP_RH_ZERO=1
RESERVED_NET_DROP=0
DRDOS_PROTECT=0
IPV6_SUPPORT="0"
NMB_BROADCAST_FIX=0
COMPILED_IN_KERNEL_MESSAGES=1
DEFAULT_POLICY_DROP=1
CUSTOM_RULES="/etc/arno-iptables-firewall/custom-rules"
LOCAL_CONFIG_DIR="/etc/arno-iptables-firewall/conf.d"
DISABLE_IPTABLES_BATCH=0
TRACE=0
BLOCKED_HOST_LOG=1
SCAN_LOG=1
POSSIBLE_SCAN_LOG=1
BAD_FLAGS_LOG=1
INVALID_TCP_LOG=0
INVALID_UDP_LOG=0
INVALID_ICMP_LOG=0
RESERVED_NET_LOG=0
FRAG_LOG=1
INET_OUTPUT_DENY_LOG=1
LAN_OUTPUT_DENY_LOG=1
LAN_INPUT_DENY_LOG=1
DMZ_OUTPUT_DENY_LOG=1
DMZ_INPUT_DENY_LOG=1
FORWARD_DROP_LOG=1
LINK_LOCAL_DROP_LOG=1
ICMP_REQUEST_LOG=1
ICMP_OTHER_LOG=1
PRIV_TCP_LOG=1
PRIV_UDP_LOG=1
UNPRIV_TCP_LOG=1
UNPRIV_UDP_LOG=1
IGMP_LOG=1
OTHER_IP_LOG=1
ICMP_FLOOD_LOG=1
LOGLEVEL="info"
SYN_PROT=1
REDUCE_DOS_ABILITY=1
ECHO_IGNORE=0
LOG_MARTIANS=0
IP_FORWARDING=1
IPV6_AUTO_CONFIGURATION=1
ICMP_REDIRECT=0
CONNTRACK=16384
ECN=0
RP_FILTER=0
SOURCE_ROUTE_PROTECTION=1
LOCAL_PORT_RANGE="32768 61000"
DEFAULT_TTL=64
NO_PMTU_DISCOVERY=0
LAN_OPEN_ICMP=1
LAN_INET_OPEN_ICMP=1
DMZ_OPEN_ICMP=1
INET_DMZ_OPEN_ICMP=0
DMZ_INET_OPEN_ICMP=1
DMZ_LAN_OPEN_ICMP=0
OPEN_ICMP="1"
OPEN_ICMPV6=1
OPEN_TCP="22,80" #,500,4500,10000,62515"
OPEN_UDP="53" #,500,4500,10000,62515"
BLOCK_HOSTS_BIDIRECTIONAL=1
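As an added example (not part of the post and not code from Arno's firewall), the following Python script reads settings of the form shown above, inventories what the NAT_FORWARD_* entries expose inbound to a LAN host, and separates the entries that belong to IPsec (IKE on udp/500, NAT-T on udp/4500, ESP as IP protocol 50, and Cisco's IPsec-over-TCP default port tcp/10000) from those that do not, so that the inbound exposure of a LAN host can be reviewed against what the VPN actually needs. The "port[,port...]>host" entry syntax is assumed only from the lines quoted in the post; the sample configuration is constructed from those lines. It also shows why the trailing `#,500,...` on the OPEN_TCP/OPEN_UDP lines is a shell comment, so those ports are not part of the active value.

```python
"""Inventory inbound NAT forwards in an Arno-style firewall.conf and
classify the ones aimed at a LAN host as IPsec-related or not."""
import re

# Constructed sample: the relevant lines as quoted in the post above.
SAMPLE_CONF = """
NAT="1"
NAT_FORWARD_TCP="500,4500,10000,62515>10.0.2.24"
NAT_FORWARD_UDP="500,4500,10000,62515>10.0.2.24"
NAT_FORWARD_IP="47,50>10.0.2.24"
OPEN_TCP="22,80" #,500,4500,10000,62515"
OPEN_UDP="53" #,500,4500,10000,62515"
"""

# Assumed syntax (taken only from the posted lines): space-separated
# "n[,n...]>host" entries; n is a port for TCP/UDP, an IP protocol number for IP.
FORWARD_KEYS = {"NAT_FORWARD_TCP": "tcp", "NAT_FORWARD_UDP": "udp", "NAT_FORWARD_IP": "ip"}

# Traffic an IPsec/IKE peer uses; GRE (ip/47) and the client's local port 62515 are not in it.
IPSEC_RELATED = {
    ("udp", 500): "IKE",
    ("udp", 4500): "IKE/ESP NAT-T",
    ("ip", 50): "ESP",
    ("tcp", 10000): "IPsec over TCP (Cisco default port)",
}


def read_settings(text):
    """Return {KEY: value} for KEY=value lines. The file is sourced by a shell,
    so a quoted value ends at its closing quote and ' #...' after it is a comment."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, rest = line.partition("=")
        if not sep or not re.fullmatch(r"[A-Z0-9_]+", key):
            continue
        m = re.match(r'"([^"]*)"|(\S*)', rest)
        settings[key] = m.group(1) if m.group(1) is not None else m.group(2)
    return settings


def parse_forwards(settings):
    """Map (proto, number) -> destination host for every NAT_FORWARD_* entry."""
    forwards = {}
    for key, proto in FORWARD_KEYS.items():
        for entry in settings.get(key, "").split():
            numbers, sep, host = entry.partition(">")
            if not sep:
                continue  # not in the assumed form; skip rather than guess
            for n in numbers.split(","):
                if n.isdigit():
                    forwards[(proto, int(n))] = host
    return forwards


def open_ports(settings):
    """Set of (proto, port) the firewall itself accepts from the internet."""
    result = set()
    for key, proto in (("OPEN_TCP", "tcp"), ("OPEN_UDP", "udp")):
        for n in settings.get(key, "").split(","):
            if n.strip().isdigit():
                result.add((proto, int(n)))
    return result


def classify(forwards, host):
    """Split the inbound forwards aimed at `host` into IPsec-related entries
    (with their role) and everything else (each an extra exposure to justify)."""
    to_host = {k for k, h in forwards.items() if h == host}
    related = {k: IPSEC_RELATED[k] for k in to_host if k in IPSEC_RELATED}
    other = sorted(to_host - set(IPSEC_RELATED))
    return related, other


if __name__ == "__main__":
    cfg = read_settings(SAMPLE_CONF)
    related, other = classify(parse_forwards(cfg), "10.0.2.24")
    print("IPsec-related forwards:", related)
    print("Other inbound forwards:", other)
    print("Ports open on the firewall itself:", sorted(open_ports(cfg)))
```

Running it on the sample lists four IPsec-related forwards and six others (the TCP copies of 500/4500, udp/10000, both 62515 entries, and GRE), and shows the active OPEN_TCP/OPEN_UDP values as 22, 80 and 53 only.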