Computer networks
Saboteur, 2018-07-30 12:05:13

What needs to be corrected in the iptables settings in order for the VPN to work from the local network?

The main router is a Linux box with three network cards.
Two are combined into a bridge (br0), one is the external connection to the provider (eth1).
Ports are not closed, NAT is allowed, and a transparent proxy is configured for ports 80 and 443.
# iptables -t filter -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i br0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o br0 -j ACCEPT
# iptables -t nat -S
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -s 10.10.10.0/24 -o eth1 -j MASQUERADE
br0 - local network, eth1 - external provider.
For some reason, it is not possible to connect to a remote VPN from workstations on the local network (ping to a server with a VPN works).
Where should I dig?
P.S. If you take a client computer and connect it directly to the provider's cable, it works, that is, the provider does not cut GRE.
P.P.S. The problem was solved by a separate connection. There is no way to check what was wrong, but I suspect that there really is a problem with unloaded modules for pptp / gre.

3 answer(s)
Vladimir Bobylev, 2018-07-30
@ShturmN

Try this in the console as root:
modprobe ip_nat_pptp
modprobe ip_conntrack_pptp

Dmitry, 2018-07-30
@q2digger

But in general, is packet forwarding enabled on the Linux router?
Show the output of the command:
sysctl -n net.ipv4.ip_forward
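
The checks suggested in the two answers above, combined into one script; this is an added example, not code posted in the thread. It assumes the VPN is PPTP (as the asker's P.P.S. suspects), and the function names and lsmod samples are constructed. The optional third and fourth arguments cover kernels that have the net.netfilter.nf_conntrack_helper sysctl, where a loaded helper may still need an explicit rule.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed, not from the thread.

# Print the PPTP NAT helper modules absent from the lsmod-style text in $1.
# Current kernels name them nf_<role>_pptp; ip_<role>_pptp is the older name.
missing_pptp_helpers() {
    missing=""
    for role in conntrack nat; do
        if ! printf '%s\n' "$1" | awk '{print $1}' |
                grep -Eq "^(nf|ip)_${role}_pptp\$"; then
            missing="$missing nf_${role}_pptp"
        fi
    done
    printf '%s\n' "${missing# }"
}

# diagnose IP_FORWARD LSMOD_TEXT [HELPER_SYSCTL [RAW_RULES]]
# Prints one line per finding; returns 0 only when nothing was found.
diagnose() {
    status=0
    if [ "$1" != "1" ]; then
        echo "ip_forward=$1: the router is not forwarding packets"; status=1
    fi
    absent=$(missing_pptp_helpers "$2")
    if [ -n "$absent" ]; then
        echo "not loaded (modprobe them): $absent"; status=1
    fi
    # Where net.netfilter.nf_conntrack_helper exists and is 0, a loaded helper
    # is used only when a raw-table rule attaches it with -j CT --helper pptp.
    if [ "${3:-}" = "0" ] && ! printf '%s\n' "${4:-}" | grep -q -- '--helper pptp'; then
        echo "nf_conntrack_helper=0 and no CT --helper pptp rule"; status=1
    fi
    return "$status"
}

# Constructed lsmod samples: a router without and with the PPTP helpers.
SAMPLE_BAD='Module                  Size  Used by
nf_nat                 49152  1 iptable_nat
nf_conntrack          172032  2 nf_nat,xt_conntrack'
SAMPLE_GOOD="$SAMPLE_BAD
nf_nat_pptp            16384  0
nf_conntrack_pptp      24576  1 nf_nat_pptp"

diagnose 1 "$SAMPLE_BAD" || echo "=> PPTP through NAT would fail on this sample"
diagnose 1 "$SAMPLE_GOOD" && echo "=> sample with helpers loaded passes"
# On a live router:
# diagnose "$(sysctl -n net.ipv4.ip_forward)" "$(lsmod)" \
#     "$(sysctl -n net.netfilter.nf_conntrack_helper 2>/dev/null)" \
#     "$(iptables -t raw -S)"
```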

Ruslan Fedoseev, 2018-07-30
@martin74ua

What VPN?
