martinc
VPN
« on: November 17, 2012, 05:01:26 AM »

Install
Code:
# pptpd is the PPTP server daemon; pptp-linux is the PPTP client.
apt-get install --yes pptpd pptp-linux

/etc/ppp/chap-secrets
Code:
# enter client info
# Columns: client name, server name, secret, allowed IP addresses.
# A "*" in the last column accepts any IP address for that client.
# The secret is stored in cleartext, so keep this file readable by root only (mode 600).
[user] [server] [password] *

/etc/ppp/peers/[connection-name]
Code:
# Run the pptp client as the transport for pppd; --nolaunchpppd keeps pptp
# from starting a second pppd of its own.
pty "pptp 123.123.123.123 --nolaunchpppd"
# Local name used for authentication; it selects the matching client entry
# in /etc/ppp/chap-secrets.
name [user-name]
# Optional: name assumed for the remote system when looking up the secret.
#remotename [server-name]
# Refuse the link unless 128-bit MPPE encryption is negotiated.
# NOTE(review): MPPE keys are derived from the MS-CHAPv2 handshake, which has
# known practical attacks, so this tunnel is not strong protection for
# sensitive traffic.
require-mppe-128
# Read further options from the shared PPTP option file (typically installed
# by the pptp-linux package).
file /etc/ppp/options.pptp
# String passed to the ip-up / ip-down scripts so they can tell connections apart.
ipparam [connection-name]
# Do not require the peer (the VPN server) to authenticate itself to this client.
noauth

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

iptables entry
Code:
#!/bin/sh
# PPTP firewall examples. PPTP uses TCP port 1723 for its control channel
# and IP protocol 47 (GRE) for the tunnelled data.

# LAN is the interface facing the internal network, WAN the one facing the
# VPN peer.
LAN=eth0
WAN=eth1

### Client Passthrough ###
# Gateway case: a PPTP client behind this host (LAN side) talks to a VPN
# server reached through the WAN interface.
VPN_NAME=VPN_client_example
VPN_server=123.123.123.123
#VPN_client=456.456.456.456

# Dedicated chain holding every rule for this tunnel.
iptables --new-chain "$VPN_NAME"

#iptables -A $VPN_NAME -j LOG --log-prefix "iptablesVPNin: "

# Forwarded packets from or to the VPN server are evaluated in that chain.
iptables --append FORWARD --source "$VPN_server" --jump "$VPN_NAME"
iptables --append FORWARD --destination "$VPN_server" --jump "$VPN_NAME"

# WAN -> LAN: only replies on connections that are already tracked.
iptables --append "$VPN_NAME" --out-interface "$LAN" --in-interface "$WAN" \
  --protocol tcp --match tcp --source-port 1723 \
  --match state --state ESTABLISHED --jump ACCEPT
iptables --append "$VPN_NAME" --out-interface "$LAN" --in-interface "$WAN" \
  --protocol 47 \
  --match state --state ESTABLISHED --jump ACCEPT

# LAN -> WAN: the inside client may open the control channel and send GRE.
iptables --append "$VPN_NAME" --in-interface "$LAN" --out-interface "$WAN" \
  --protocol tcp --match tcp --destination-port 1723 \
  --match state --state NEW,ESTABLISHED --jump ACCEPT
iptables --append "$VPN_NAME" --in-interface "$LAN" --out-interface "$WAN" \
  --protocol 47 \
  --match state --state NEW,ESTABLISHED --jump ACCEPT
# No terminating rule is appended to this chain in this section, so packets
# that match nothing return to FORWARD and meet its remaining rules or policy.
### ###


### Client ###
# single nic
# This host is itself the PPTP client; WAN (set earlier in the script) is
# the interface used to reach the VPN server.
VPN_NAME=VPN_client
VPN_server=123.123.123.123
#VPN_client=456.456.456.456

# Dedicated chain holding every rule for this tunnel.
iptables --new-chain "$VPN_NAME"

#iptables -A $VPN_NAME -j LOG --log-prefix "iptablesVPNin: "

# Local traffic from or to the VPN server is evaluated in that chain.
iptables --append INPUT --source "$VPN_server" --jump "$VPN_NAME"
iptables --append OUTPUT --destination "$VPN_server" --jump "$VPN_NAME"

# Inbound: only replies on connections that are already tracked.
iptables --append "$VPN_NAME" --in-interface "$WAN" \
  --protocol tcp --match tcp --source-port 1723 \
  --match state --state ESTABLISHED --jump ACCEPT
iptables --append "$VPN_NAME" --in-interface "$WAN" \
  --protocol 47 \
  --match state --state ESTABLISHED --jump ACCEPT

# Outbound: this host may open the control channel and send GRE.
iptables --append "$VPN_NAME" --out-interface "$WAN" \
  --protocol tcp --match tcp --destination-port 1723 \
  --match state --state NEW,ESTABLISHED --jump ACCEPT
iptables --append "$VPN_NAME" --out-interface "$WAN" \
  --protocol 47 \
  --match state --state NEW,ESTABLISHED --jump ACCEPT
# No terminating rule is appended to this chain in this section, so packets
# that match nothing return to INPUT / OUTPUT and meet their remaining rules
# or policy.
### ###

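### Server ###
# This host is the PPTP server; VPN_client is the one remote address allowed
# to reach it. LAN and WAN are the interface names set earlier in the script.
VPN_NAME=VPN_server_example
#VPN_server=123.123.123.123
VPN_client=456.456.456.456

# Dedicated chain holding every rule for this tunnel.
iptables --new-chain "$VPN_NAME"

#iptables -A $VPN_NAME -j LOG --log-prefix "iptablesVPNin: "

# Only packets to or from the listed client reach the chain, so the NEW
# state accepted below is limited to that single address.
iptables --append OUTPUT --destination "$VPN_client" --jump "$VPN_NAME"
iptables --append INPUT --source "$VPN_client" --jump "$VPN_NAME"

# Negation must be written as a separate "!" before the option. A fused
# "!eth0" is not parsed as a negation; it is taken as a literal interface
# name that no packet carries, so the ACCEPT rules would never match and
# all client traffic would fall through to whatever rule follows.

# Client -> server: arrives on WAN and is not leaving through LAN.
iptables --append "$VPN_NAME" ! --out-interface "$LAN" --in-interface "$WAN" \
  --protocol tcp --match tcp --destination-port 1723 \
  --match state --state NEW,ESTABLISHED --jump ACCEPT
iptables --append "$VPN_NAME" ! --out-interface "$LAN" --in-interface "$WAN" \
  --protocol 47 \
  --match state --state NEW,ESTABLISHED --jump ACCEPT

# Server -> client: replies only, leaving through WAN and not entering on LAN.
iptables --append "$VPN_NAME" ! --in-interface "$LAN" --out-interface "$WAN" \
  --protocol tcp --match tcp --source-port 1723 \
  --match state --state ESTABLISHED --jump ACCEPT
iptables --append "$VPN_NAME" ! --in-interface "$LAN" --out-interface "$WAN" \
  --protocol 47 \
  --match state --state ESTABLISHED --jump ACCEPT
### ###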

### drop all other packets ###
# VPN_NAME holds whatever was assigned last, so this rule lands only in that
# chain; chains created earlier under other names get no DROP from this line.
# Enable the LOG rule first to record what is about to be discarded.
#iptables -A $VPN_NAME -j LOG --log-prefix "iptablesVPNdrop: "
iptables --append "$VPN_NAME" --jump DROP

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

I have as much authority as the Pope, I just don't have as many people who believe it. --George Carlin