
win2k vpn through linux firewall.


fergman (Technical User), Oct 19, 2000, US
I've successfully forwarded terminal server through my linux firewall, and just figured it would be the same procedure to forward win2k's vpn server, so I forwarded port 1723 to the appropriate IP address, but it times out. However, if I access it through the internal lan address it works just fine. How in the world can I fix this?
 
According to the port you're forwarding, 1723 indicates a PPTP connection. I thought (and I am not an MS expert) w2k VPN Server was now using IPSEC, and in that case you would need to allow port 500 for IKE and protocol 50:

"When you use IPSec for encryption, the L2TP UDP port traffic is encrypted as an IPSec ESP payload, so the firewall in this case (the VPN server is behind the firewall) needs to be opened only for UDP port 500 (IKE) and IP Protocol ID 50 (ESP), "
 
Well, right after I posted that message, I ran nmap against a connected machine (connected through the local network), and discovered that, but in doing more research, I found that you also have to forward IP protocol 47. I forwarded that, and it connects now. I think however port 500 also needs to be forwarded, and I'll find out later today when I set it up for some testing.
 
I have this problem... that's all you did? Protocol 47 and port 500 to the private IP addy, and it worked? You do anything else?
 
Well, I have now gotten it working: it's forwarding 1723 and protocol 47; I did not specify a port. It works fine.
 
To confirm, TCP port 1723 and Protocol 47 are all you need. This is how we've run our VPN server for a couple of years now.
 
I have Linux Mandrake and have tried forwarding TCP port 1723 to my private address and the protocol 47... With this config, it still doesn't work. Here is how I have it as it appears in etc/shorewall/rules:

DNAT net masq:192.168.3.10 tcp 1723:1723
DNAT net masq:192.168.3.10 47 -

Any help would be appreciated.....
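The thread's conclusion is that PPTP passthrough needs two separate DNAT rules to the same internal host: TCP 1723 for the control channel and IP protocol 47 (GRE) for the tunnel itself. As an added check (not code from the thread or from Shorewall), the script below reads Shorewall-style rules lines (columns ACTION SOURCE DEST PROTO DEST PORT(S)) and reports whether both halves are present and agree on the target host; the two rule lines from the post above are embedded as constructed sample input, alongside a constructed variant with the GRE rule missing.

```python
# Shorewall rules columns (as in the post): ACTION SOURCE DEST PROTO DEST_PORT(S)
# Constructed sample input: the poster's two lines, and a variant without GRE.
POSTER_RULES = """DNAT net masq:192.168.3.10 tcp 1723:1723
DNAT net masq:192.168.3.10 47 -
"""
GRE_MISSING = "DNAT net masq:192.168.3.10 tcp 1723\n"   # control channel only

def parse_rules(text):
    """Parse rule lines into dicts; blank lines and # comments are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 4:
            continue
        action, source, dest, proto = fields[:4]
        ports = fields[4] if len(fields) > 4 else "-"
        dest_parts = dest.split(":")        # DEST is zone:address[:port]
        rules.append({
            "action": action.upper(),
            "source": source,
            "zone": dest_parts[0],
            "host": dest_parts[1] if len(dest_parts) > 1 else None,
            "proto": proto.lower(),
            "ports": ports,
        })
    return rules

def port_matches(ports, want):
    """True if a DEST PORT(S) value ('1723', '1723:1723', '80,1723') covers `want`."""
    for item in ports.split(","):
        if ":" in item:
            lo, hi = item.split(":", 1)
            if lo.isdigit() and hi.isdigit() and int(lo) <= want <= int(hi):
                return True
        elif item.isdigit() and int(item) == want:
            return True
    return False

def pptp_passthrough_status(text):
    """Which hosts get the PPTP control channel, which get GRE, and whether they agree."""
    dnat = [r for r in parse_rules(text) if r["action"] == "DNAT" and r["host"]]
    ctrl = {r["host"] for r in dnat if r["proto"] == "tcp" and port_matches(r["ports"], 1723)}
    gre = {r["host"] for r in dnat if r["proto"] in ("47", "gre")}
    return {
        "tcp_1723": sorted(ctrl),
        "gre_47": sorted(gre),
        "complete": bool(ctrl & gre),   # both halves reach the same internal host
    }
```

The poster's two lines pass this check, so the rule syntax shown already covers both halves of the forwarding the earlier replies describe.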
 