OK, here is my configuration:
clientA (VPN client) (Windows XP, IP: 192.168.0.2)
 \
  \
   Switch------>eth1----->Shorewall---->eth0--->dsl------->net----->vpn.purdue.edu (VPN server).
When I try to connect to the VPN server, I begin the authentication process; however, I am always rejected. If I physically reconfigure to

clientA (VPN client)--->dsl------->net----->vpn.purdue.edu (VPN server).

I can VPN in. I did this to eliminate the possibility of my ISP blocking VPN.
Here are my files
''policy''
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
fw net ACCEPT
net fw ACCEPT -
net all DROP -
loc fw ACCEPT -
all all REJECT -
''rules''
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
# Add HTTP port
ACCEPT net fw tcp 80 #Allow web access from the internet
ACCEPT loc fw tcp 80 #Allow web access from the local network
#
# Accept SSH connections from the local network for administration
#
ACCEPT loc fw tcp 22
#
# Allow Ping To And From Firewall
#
ACCEPT loc fw icmp 8
ACCEPT net fw icmp 8
ACCEPT fw loc icmp 8
ACCEPT fw net icmp 8
#
#allows SAMBA access
ACCEPT fw loc udp 137:139
ACCEPT fw loc tcp 137,139,445
ACCEPT fw loc udp 1024: 137
ACCEPT loc fw udp 137:139
ACCEPT loc fw tcp 137,139,445
ACCEPT loc fw udp 1024: 137
ACCEPT fw net udp 137:139
ACCEPT fw net tcp 137,139,445
ACCEPT fw net udp 1024: 137
ACCEPT net fw udp 137:139
ACCEPT net fw tcp 137,139,445
ACCEPT net fw udp 1024: 137
ACCEPT loc net udp 137:139
ACCEPT loc net tcp 137,139,445
ACCEPT loc net udp 1024: 137
ACCEPT net fw tcp 10000 -
ACCEPT loc net tcp - -
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
These are the only files I have modified, thanks for the help!
On Mon, 2003-10-13 at 15:25, Todd Nine wrote:
>
> When I try to connect to the vpn server, I begin the authentication process,
> however I am always rejected. If I physically reconfigure to
>
> clientA (VPN client)--->dsl------->net----->vpn.purdue.edu (VPN server). I
> can VPN in, I did this to eliminate the possibility of my ISP blocking VPN.
>

Are we all supposed to be mind-readers and know immediately which type of VPN you are doing (IPSEC, PPTP, Nortel, ...)? If you are using IPSEC, you need to read http://shorewall.net/VPN.htm.

Also, you fail to mention if you are seeing any Shorewall messages being logged when you try to connect to the VPN server.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net