VPN pptp connection Unable to pass through linux iptables

Posted by user221844 on Server Fault
Published on 2014-05-30T20:18:49Z Indexed on 2014/05/30 21:32 UTC


I have set up a Windows VPN server behind a Linux (Ubuntu) box that is working as a firewall and proxy server. Now I want people from outside to be able to connect to the VPN server, but the connection is not being established and I get error 619 on the client. I have checked the problem on the internet and it seems to be a firewall issue.

What should I do to get the connection established through the firewall?

Here is the information about my setup:

Firewall-External-IF-IP: 172.16.1.100

Firewall-LAN-IF-IP: 192.168.1.1

VPN-Server-IP: 192.168.1.10

and below is my iptables file content:

    # Generated by iptables-save v1.4.12 on Thu May 29 12:40:18 2014
    *filter
    :INPUT ACCEPT [162000:140437619]
    :FORWARD ACCEPT [23282:27196133]
    :OUTPUT ACCEPT [185778:143961739]
    :LOGGING - [0:0]
    -A INPUT -p gre -j ACCEPT
    -A INPUT -s 192.168.1.10/32 -p tcp -m tcp --sport 1723 -j ACCEPT
    -A INPUT -s 192.168.1.10/32 -p udp -m udp --sport 1723 -j ACCEPT
    -A FORWARD -s 192.168.1.0/24 -o EXT_IF -j ACCEPT
    -A FORWARD -s 192.168.1.0/24 -i EXT_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -d 192.168.1.10/32 -i EXT_IF -o INT_IF -p tcp -m tcp --dport 1723 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -s 192.168.1.10/32 -i INT_IF -o EXT_IF -p tcp -m tcp --sport 1723 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -d 192.168.1.10/32 -i EXT_IF -o INT_IF -p gre -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -s 192.168.1.10/32 -i INT_IF -o EXT_IF -p gre -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -p gre -j ACCEPT
    -A OUTPUT -d 192.168.1.10/32 -p tcp -m tcp --dport 1723 -j ACCEPT
    -A OUTPUT -d 192.168.1.10/32 -p udp -m udp --dport 1723 -j ACCEPT
    COMMIT
    # Completed on Thu May 29 12:40:18 2014
    # Generated by iptables-save v1.4.12 on Thu May 29 12:40:18 2014
    *nat
    :PREROUTING ACCEPT [17865:1053739]
    :INPUT ACCEPT [5490:357281]
    :OUTPUT ACCEPT [3723:223677]
    :POSTROUTING ACCEPT [3726:223870]
    -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
    -A PREROUTING -d 172.16.1.100/32 -i EXT_IF -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.10
    -A PREROUTING -d 172.16.1.100/32 -i EXT_IF -p gre -j DNAT --to-destination 192.168.1.10
    -A PREROUTING -i -h
    -A POSTROUTING -s 192.168.1.0/24 -o EXT_IF -j MASQUERADE
    COMMIT
    # Completed on Thu May 29 12:40:18 2014
    # Generated by iptables-save v1.4.12 on Thu May 29 12:40:18 2014
    *mangle
    :PREROUTING ACCEPT [22695965:17811993005]
    :INPUT ACCEPT [13818180:11522330171]
    :FORWARD ACCEPT [8527694:6271564562]
    :OUTPUT ACCEPT [14748508:11899678536]
    :POSTROUTING ACCEPT [23271280:18170828012]
    COMMIT
    # Completed on Thu May 29 12:40:18 2014

Hope I find the solution here....!! :(
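A check worth running on a ruleset like this before handing it to iptables-restore, added here as an example and not taken from the question or from any answer to it: it reads an iptables-save dump, flags any rule line where `-i` or `-o` is not followed by an interface name (the dump in the question contains one such line, `-A PREROUTING -i -h`, which iptables-restore rejects), and reports whether the nat PREROUTING DNAT rules and the filter FORWARD accept rules that PPTP needs (TCP 1723 plus GRE, both towards the VPN server) are present. The embedded sample dump is constructed for the example, modelled on the one in the question and keeping its `EXT_IF`/`INT_IF` placeholders; the function name `lint_pptp_dump` and the rule labels it prints are my own.

```shell
#!/bin/sh
# Constructed sample iptables-save dump (filter + nat only), modelled on the
# question's ruleset, including its malformed "-A PREROUTING -i -h" line.
SAMPLE_DUMP=$(cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p gre -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -o EXT_IF -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -i EXT_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.10/32 -i EXT_IF -o INT_IF -p tcp -m tcp --dport 1723 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.10/32 -i INT_IF -o EXT_IF -p tcp -m tcp --sport 1723 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.10/32 -i EXT_IF -o INT_IF -p gre -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.10/32 -i INT_IF -o EXT_IF -p gre -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -d 172.16.1.100/32 -i EXT_IF -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -d 172.16.1.100/32 -i EXT_IF -p gre -j DNAT --to-destination 192.168.1.10
-A PREROUTING -i -h
-A POSTROUTING -s 192.168.1.0/24 -o EXT_IF -j MASQUERADE
COMMIT
EOF
)

# lint_pptp_dump VPN_SERVER_IP
# Reads an iptables-save dump on stdin. Prints one line per finding and
# returns 0 only if no rule line is malformed and all four PPTP rules exist.
lint_pptp_dump() {
  vpn="$1"
  awk -v vpn="$vpn" '
    /^\*/ { table = substr($0, 2); next }          # "*filter", "*nat", ...
    /^-A / {
      # An -i or -o that is followed by another option (or nothing) has lost
      # its interface name; iptables-restore refuses such a line.
      for (i = 1; i <= NF; i++)
        if (($i == "-i" || $i == "-o") && (i == NF || $(i+1) ~ /^-/)) {
          printf "MALFORMED (%s): %s\n", table, $0; bad++
        }
      # Inbound DNAT of the PPTP control channel and of GRE to the VPN server.
      if (table == "nat" && $2 == "PREROUTING" && /-j DNAT/ && $0 ~ ("--to-destination " vpn)) {
        if (/-p tcp/ && /--dport 1723/) have["nat-dnat-1723"] = 1
        if (/-p gre/)                   have["nat-dnat-gre"]  = 1
      }
      # The forwarded, already-translated packets must also be accepted.
      if (table == "filter" && $2 == "FORWARD" && /-j ACCEPT/ && $0 ~ ("-d " vpn "/32")) {
        if (/-p tcp/ && /--dport 1723/) have["fwd-1723"] = 1
        if (/-p gre/)                   have["fwd-gre"]  = 1
      }
    }
    END {
      n = split("nat-dnat-1723 nat-dnat-gre fwd-1723 fwd-gre", req, " ")
      for (k = 1; k <= n; k++)
        if (!(req[k] in have)) { printf "MISSING: %s\n", req[k]; bad++ }
      if (!bad) print "OK: no malformed lines, all PPTP passthrough rules present"
      exit bad ? 1 : 0
    }'
}

# Stand-alone run against the constructed sample; it fails on purpose because
# the sample keeps the malformed "-A PREROUTING -i -h" line.
printf '%s\n' "$SAMPLE_DUMP" | lint_pptp_dump 192.168.1.10 || echo "lint reported problems (expected for the sample)"
```

On the firewall itself the same function can be fed the live ruleset with `iptables-save | lint_pptp_dump 192.168.1.10`. It only checks what is visible in a dump: it cannot tell whether the kernel's PPTP connection-tracking helper (`nf_conntrack_pptp` together with `nf_nat_pptp`) is loaded, which is the other thing I would verify with `lsmod` on a box that DNATs PPTP, since without it GRE is tracked only generically.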

© Server Fault or respective owner