Urgent help required.............

smk08
Naik
Posts: 56
Joined: Fri Aug 08, 2008 1:44 pm
Location: Sheikhupura, Pakistan


Post by smk08 »

Asslamu Alaikum

Dear, please guide me on how to configure the following scenario.

My local network is 172.16.0.0/16. These client computers are connected to the internet via a Squid proxy server whose LAN IP is 172.16.0.1 and WAN IP is 125.209.109.103, with gateway 125.209.109.134.
A VPN connection is created between the plant and head office.
From the Squid server machine I can easily access the systems of head office via VPN.
Kindly guide me on how to allow clients of my local network (172.16.0.0/16) to access the systems of head office via VPN.



Jazaak Allah.
Shahid Mahmood
0321-4538113
i am crazy to learn linux
osama1
Lance Naik
Posts: 33
Joined: Fri Jul 17, 2009 10:02 am

Post by osama1 »

It seems that you didn't forward the VPN port for your local LAN.

1723 Virtual private network (VPN)
smk08
Naik
Posts: 56
Joined: Fri Aug 08, 2008 1:44 pm
Location: Sheikhupura, Pakistan

Post by smk08 »

Asslamu Alaikum

Thanks for your guidance.

Dear fellow, you mean I have to forward the port for the 172.16.0.0/16 network on my VPN router?

Kindly guide me in detail.


Jazaak Allah
Shahid Mahmood
0321-4538113
i am crazy to learn linux
osama1
Lance Naik
Posts: 33
Joined: Fri Jul 17, 2009 10:02 am

Post by osama1 »

It depends upon the overall ruleset of your box. If I use it for my machine, I just need to add these lines:

$IPTABLES -A INPUT -p tcp -s 172.16.0.0/16 -d 0/0 --destination-port 1723 -j ACCEPT
$IPTABLES -A FORWARD -i $INTERNAL_INTERFACE -p tcp --dport 1723 -j ACCEPT

+ masqueraded
saifkhan123
Cadet
Posts: 7
Joined: Thu Apr 23, 2009 8:26 am

firewall

Post by saifkhan123 »

If you have any additional firewall (e.g. PIX, ASA etc.) in between, then you have to open the port on the firewall also.
everything that seems to be true is not always true.
kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore

Post by kbukhari »

What is the network address for the other side?

In that case, point the clients' gateway on both sides towards their respective VPN, and add routes for both sides on both VPN gateways.
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
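
The gateway-side setup discussed in this thread (forwarding on the VPN box, the "masqueraded" variant, and the routed variant with routes on both gateways), as an added example that is not code from any poster. It only prints the commands for review; the interface names `eth0` and `ppp0`, the head-office network `192.0.2.0/24` (a documentation placeholder, since the thread never states it) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not execute) the commands for letting LAN clients
# reach the remote site through a VPN that is already up on this gateway.
# Assumed, not from the thread: eth0 (LAN), ppp0 (VPN), 192.0.2.0/24 (remote net).

is_cidr() {
    # Shape check only: dotted quad plus /0-32 prefix, e.g. 172.16.0.0/16
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

vpn_gateway_rules() {
    lan_net=$1 remote_net=$2 lan_if=$3 vpn_if=$4 mode=${5:-nat}
    if ! is_cidr "$lan_net" || ! is_cidr "$remote_net"; then
        echo "error: networks must be in CIDR form" >&2; return 1
    fi
    if [ "$lan_net" = "$remote_net" ]; then
        echo "error: LAN and remote network are identical" >&2; return 1
    fi
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route replace $remote_net dev $vpn_if
iptables -A FORWARD -i $lan_if -o $vpn_if -s $lan_net -d $remote_net -j ACCEPT
iptables -A FORWARD -i $vpn_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    if [ "$mode" = nat ]; then
        # LAN clients appear as the gateway's own VPN address, which already works
        echo "iptables -t nat -A POSTROUTING -o $vpn_if -s $lan_net -d $remote_net -j MASQUERADE"
    else
        # No NAT: the far side must know how to reach the LAN
        echo "# routed mode: add a return route to $lan_net on the remote VPN gateway"
    fi
}

# Print the NAT variant for the network given in the thread
vpn_gateway_rules 172.16.0.0/16 192.0.2.0/24 eth0 ppp0 nat
```

The FORWARD rules only admit traffic that LAN clients initiate towards the remote network; replies come back through the conntrack rule, so the remote site cannot open new connections into 172.16.0.0/16.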