
Thread: VPN Data passthrough?

  1. #1
    Join Date
    Jul 2008
    Location
    in front of the keyboard
    Posts
    90

    VPN Data passthrough?

    Short version: I configured a pptpd VPN server. I can connect but am not able to see the devices shared at the office. (Do I need to add another rule to achieve this scenario? If yes, preferably through YaST or /etc/sysconfig/SuSEfirewall2.)


    Long version:

    CONF:
    eth0 - external ip (SuSEfirewall external zone)
    eth1 - internal ip (192.168.1.197) (SuSEfirewall internal zone)
    SuSEfirewall is on, permitting GRE IP protocol and TCP 1723
    Masquerade is on
    http://picpaste.com/Capture-INE6uaak.PNG

    Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    10 697 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
    0 0 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0


    Fileserver - 192.168.1.1
    pptpd server up
    The pptpd server works (I can connect using credentials - user and pass)

    PROBLEM:
    Cannot access a file sharing server with an IP in the same network as eth1.
    Cannot ping file server from vpn client.
    CAN ping eth1 ip from vpn client.
    No firewall on fileserver (pings from internal network work)
    So I guess VPN data doesn't pass through. It seems everything is OK but the packages are not routed as they should be? (Do I need to add another rule to achieve this scenario? If yes, preferably through YaST or /etc/sysconfig/SuSEfirewall2.)
    Dell Latitude E6520 - openSuSE 13.1 & Windows 8.1

  2. #2
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Re: VPN Data passthrough?

    I haven't tried to set up your scenario,
    but at a glance I assume that you need to provide some forwarding rules to enable connectivity beyond your VPN beachhead.
    (Personally, I tend to deploy an application gateway or the actual desired resources on the VPN beachhead itself, so forwarding is not necessary. An application gateway, e.g. a website, acts as a proxy for the incoming connection, which improves resource isolation from external threats.)

    TSU
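
Added example, not part of either post: a fragment for /etc/sysconfig/SuSEfirewall2 showing the kind of forwarding rule the reply refers to, scoped to the file server instead of the whole LAN. The VPN client range 10.99.0.0/24 is a placeholder and SMB on TCP 445 is an assumption; neither is stated in the thread.

```shell
# Fragment for /etc/sysconfig/SuSEfirewall2 (added example, not from the thread).
# Assumed values, not given in the thread:
#   10.99.0.0/24  placeholder for the address range handed to VPN clients
#                 (the "remoteip" setting in /etc/pptpd.conf)
#   tcp/445       assumes the file server shares over SMB

# Routing between interfaces must be enabled. Masquerading already
# requires it, so this is normally "yes" on the setup described.
FW_ROUTE="yes"

# Too broad: every VPN client could reach every host and port on the LAN.
# FW_FORWARD="10.99.0.0/24,192.168.1.0/24"

# Narrow: VPN clients may reach only the file server (192.168.1.1),
# only on SMB, plus ICMP so the ping test from the thread can succeed.
# Format: <source net>,<destination net>[,protocol[,destination port]]
FW_FORWARD="10.99.0.0/24,192.168.1.1,tcp,445 10.99.0.0/24,192.168.1.1,icmp"

# Routing caveat, outside the firewall: the POSTROUTING listing in the
# thread masquerades only traffic leaving eth0 and ppp0, so packets sent
# out eth1 keep the VPN client's source address. The file server needs a
# route for the VPN client range via 192.168.1.197 (eth1), unless that
# address is already its default gateway; otherwise replies never return.
```

Restart the firewall after editing the file, then repeat the ping from the VPN client to 192.168.1.1.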
