[Firewall] IPSEC VPN help, please.
gustin at meganerd.ca
Thu Mar 22 18:56:28 CET 2012
Is the VPN server behind a NAT router as well? I was never able to get
that working. Now we have our VPN server in the DMZ with a publicly
routable IP. As a fall-back we use OpenVPN (nothing beats a single
connection over a single TCP port for reliability).
IIRC there need to be some kernel modules loaded in order for the IPSEC
pass-through to work. It has been a long time since I have looked at
I have connected to our ipsec VPN from home through two NATs, one provided
by Virtualbox, then my LAN NAT (generic Linux box with Arno) and I have not
enabled the VPN client
On Wed, Mar 21, 2012 at 9:42 PM, blip42 <blip42 at zoho.com> wrote:
> Hello is there anyone here,
> Does anyone have any experience with IPSEC VPN via Arno's Firewall?
> I have been trying, unsuccessfully, with version 2.0.1a (now 2.0.1.b) to
> get my work laptop
> to connect to our VPN via Cisco client.
> I have the following configuration:
> OS: Slackware64-current with kernel 3.2.7
> Running Arno's Firewall 2.0.1b
> eth0: External Interface. Gets IP via DHCP
> eth1: Internal Interface for internal LAN set at 10.0.2.1
> Work Laptop - LAN IP 10.0.2.24
> Browses web fine when not connected to VPN
> When trying to connect to VPN it makes it out to the server
> at work, but fails to negotiate and establish the VPN.
> I have enabled the IPSEC-VPN plugin, I've opened and forwarded ports.
> I am clearly missing something simple because when I search Google
> most people with this issue are missing opening a port or allowing the
> As far as I can tell I have done that, but perhaps I missed something.
> I am providing the setting from the .conf files that I have touched:
> If anyone can shed any light on the it would be greatly appreciated.
> Or if something doesn't look correctly set, like
> Do I have the open statements in the wrong section?
> Thanks in advance for any replies.
> I really don't want to have to write my own
> and this is the last one I found that I actually like and worked for my
> (Commented lines and lines where the value was set as variable="" have
> been removed to save space)
> LOCAL_PORT_RANGE="32768 61000"
> OPEN_TCP="22,80" #,500,4500,10000,62515"
> OPEN_UDP="53" #,500,4500,10000,62515"