This is a discussion on iptables with multiple vpn connection within the Linux Security forums, part of the System Security and Security Related category.
Jason wrote:
> Hi,
>
> Iptables is working fine with single vpn connection, but not multiple vpn
> connection. Would anyone tell me how to config my linux box for multiple
> vpn connections?
> Any help will be appreciated.
>
> Jason

Are you passing through PPTP connections? In that case you need to read up on GRE protocol and PPTP. Basically it's a limitation of PPTP and NAT together; that and packet sequence numbers. If you assigned a different external source IP to each internal PPTP connection, you can run more than 1 NAT'ed connection...but that defeats the purpose of using NAT.

You might have more success with OpenVPN (google it) which is cross-platform, uses TCP and is fully NAT-able :)

Cheers

James
--
Nobody said computers were going to be polite.
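Added example, not part of any post in this thread: a toy model of plain port-based masquerading, showing why two internal PPTP clients that reach the same server collide on the port-less GRE data channel while a TCP tunnel, as James suggests for OpenVPN, stays distinguishable. The `Napt` and `Flow` names, all addresses and the port numbers other than 5000 are constructed for illustration.

```python
# Toy NAPT table: models plain port-based masquerading only,
# with no PPTP-aware connection tracking.
from typing import NamedTuple, Optional

GRE, TCP = 47, 6  # IP protocol numbers

class Flow(NamedTuple):
    proto: int
    src_ip: str
    src_port: Optional[int]  # None for GRE: the protocol carries no ports
    dst_ip: str
    dst_port: Optional[int]

class Napt:
    """Masquerades internal flows behind one external address."""
    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.reply_map = {}  # key of the expected reply -> internal Flow

    def outbound(self, flow):
        """Translate an outgoing flow; return its reply key, or None on a clash."""
        if flow.src_port is None:
            ext_port = None            # nothing to rewrite on a port-less protocol
        else:
            ext_port = self.next_port  # a fresh external port makes the flow unique
            self.next_port += 1
        key = (flow.proto, flow.dst_ip, flow.dst_port, self.external_ip, ext_port)
        owner = self.reply_map.setdefault(key, flow)
        return key if owner == flow else None

    def inbound(self, key):
        """Return the internal address a reply packet is delivered to."""
        owner = self.reply_map.get(key)
        return owner.src_ip if owner else None

def demo():
    """Two internal clients tunnel to the same server through one NAT address."""
    server = "203.0.113.10"                     # constructed address
    clients = ("192.168.0.11", "192.168.0.12")  # constructed addresses
    results = {}
    for name, proto, sport, dport in (("pptp-gre", GRE, None, None),
                                      ("openvpn-tcp", TCP, 33000, 5000)):
        nat = Napt("198.51.100.1")
        keys = [nat.outbound(Flow(proto, c, sport, server, dport)) for c in clients]
        results[name] = [nat.inbound(k) if k else None for k in keys]
    return results

if __name__ == "__main__":
    print(demo())
```

In the GRE case the second client's mapping has the same reply key as the first, so the table cannot tell which internal host a returning packet belongs to.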

Thanks James,

But is it possible to use OpenVPN and still use my iptables at the same time?

Jason

"Centurion" <spam.this@nowhere.tld> wrote in message news:gblnv1-qa5.ln1@gandalf.ocs.open-channels.com...
> Jason wrote:
>
> > Hi,
> >
> > Iptables is working fine with single vpn connection, but not multiple vpn
> > connection. Would anyone tell me how to config my linux box for multiple
> > vpn connections?
> > Any help will be appreciated.
> >
> > Jason
>
> Are you passing through PPTP connections? In that case you need to read up
> on GRE protocol and PPTP. Basically it's a limitation of PPTP and NAT
> together; that and packet sequence numbers. If you assigned a different
> external source IP to each internal PPTP connection, you can run more than
> 1 NAT'ed connection...but that defeats the purpose of using NAT.
>
> You might have more success with OpenVPN (google it) which is
> cross-platform, uses TCP and is fully NAT-able :)
>
> Cheers
>
> James
> --
> Nobody said computers were going to be polite.

On Mon, 23 Aug 2004 10:47:46 +0800, Jason wrote:

Hi,

> Thanks James,
>
> But is it possible to using the OpenVPN and still using my iptables in
> the same time?

I have two linux boxes set up as routers with iptables here, one for having a firewall between 2 internal networks (192.168.0.0/24 & 192.168.1.0/24) and the other one for doing all internet routing/firewall stuff.

The box that is connected to the internet currently forwards the ports 5000 - 5002 to the other router with some simple iptables rules. On the 2nd box there are 3 OpenVPN daemons running which maintain VPN connections to some of my friends, so you shouldn't have any problems when using iptables & OpenVPN at the same time ;-)

BTW if you're curious why I don't just put the OpenVPN daemons on the box that is connected to the internet, this is because I don't want the people who "come in" via VPN to mess around with the boxes in the 192.168.0.0/24 net which is mainly used by my father's windoze boxes, and that way it's possible to have all VPN related iptables rules on a different box than those related to internet connectivity.

HTH...

> Jason

Peter