Hi all

We have SLES10 Linux server with shorewall-3.2.4-1 and PPTP VPN server configured on it. Both interfaces are on private IP addresses, ports are forwarded from perimeter router.

We would like to add L2TP VPN access on same machine. How do we configure Shorewall for that?

Going through documentation I realized that both VPN services are configured on shorewall with ppp+ interfaces, that is not working.

When replying please include my mail.

Thanks, regards

--
Ivica Glavočić
Laser Line d.o.o.
Tribje 17, 52470 Umag
tel.: +385 52 725 600
fax: +385 52 725 610
OIB: 26680017138
mail: ivica.glavocic@laserline.hr
mail: sys@laserline.hr
web: http://www.laserline.hr

Ivica Glavocic wrote:
> Hi all
>
> We have SLES10 Linux server with shorewall-3.2.4-1 and PPTP VPN server
> configured on it. Both interfaces are on private IP addresses, ports are
> forwarded from perimeter router.
>
> We would like to add L2TP VPN access on same machine. How do we
> configure Shorewall for that?
>
> Going through documentation I realized that both VPN services are
> configured on shorewall with ppp+ interfaces, that is not working.

Can you define your zones using /etc/shorewall/hosts and qualify ppp+ with IP networks?

e.g.

    #ZONE   HOSTS                   OPTIONS
    z1      ppp+:172.20.1.0/24      ...
    z2      ppp+:10.10.144.0/24     ...

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Don't think so. If you were thinking about clients, I have no idea what networks are on the other side, general idea was for both PPTP and L2TP server to give IP to VPN clients from LAN range (2 different ranges of course).

On 14.1.2010 18:22, Tom Eastep wrote:
> Ivica Glavocic wrote:
>
>> Hi all
>>
>> We have SLES10 Linux server with shorewall-3.2.4-1 and PPTP VPN server
>> configured on it. Both interfaces are on private IP addresses, ports are
>> forwarded from perimeter router.
>>
>> We would like to add L2TP VPN access on same machine. How do we
>> configure Shorewall for that?
>>
>> Going through documentation I realized that both VPN services are
>> configured on shorewall with ppp+ interfaces, that is not working.
>>
> Can you define your zones using /etc/shorewall/hosts and qualify ppp+
> with IP networks?
>
> e.g.
>
>     #ZONE   HOSTS                   OPTIONS
>     z1      ppp+:172.20.1.0/24      ...
>     z2      ppp+:10.10.144.0/24     ...
>
> -Tom
>

Ivica Glavocic wrote:
> Don't think so. If you were thinking about clients, I have no idea what
> networks are on the other side, general idea was for both PPTP and L2TP
> server to give IP to VPN clients from LAN range (2 different ranges of
> course).

Well, if you have no way to distinguish the connections using interfaces and addresses then there is no choice but to treat them all the same from a firewall perspective.

Possibly you should re-consider trying to use so many different types of ppp on a single system.

-Tom
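
The address-qualified zones suggested in Tom's first reply, modeled as an added example that is not part of the thread or of Shorewall's own code: it parses those two hosts entries and shows which zone a ppp peer falls into. This is a simplified first-match model; treating z1 as the PPTP pool and z2 as the L2TP pool, and the sample peers, are assumptions.

```python
import ipaddress

# Constructed sample: the hosts entries from the reply above. Mapping z1 to
# the PPTP pool and z2 to the L2TP pool is an assumption for illustration.
HOSTS_FILE = """\
#ZONE   HOSTS                   OPTIONS
z1      ppp+:172.20.1.0/24
z2      ppp+:10.10.144.0/24
"""

def parse_hosts(text):
    """Return [(zone, interface_pattern, [networks])] from hosts-file text."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        zone, hosts = fields[0], fields[1]
        iface, _, nets = hosts.partition(":")
        networks = [ipaddress.ip_network(n) for n in nets.split(",") if n]
        entries.append((zone, iface, networks))
    return entries

def iface_matches(pattern, name):
    """A trailing '+' is a wildcard: ppp+ matches ppp0, ppp1, ..."""
    if pattern.endswith("+"):
        return name.startswith(pattern[:-1])
    return pattern == name

def zone_for(entries, iface, addr):
    """First entry whose interface pattern and network both match, else None."""
    ip = ipaddress.ip_address(addr)
    for zone, pattern, networks in entries:
        if iface_matches(pattern, iface) and any(ip in n for n in networks):
            return zone
    return None

ENTRIES = parse_hosts(HOSTS_FILE)

if __name__ == "__main__":
    # Constructed peers: pppd takes the next free pppN unit per connection, so
    # the interface name alone does not separate PPTP from L2TP clients.
    for iface, addr in [("ppp0", "10.10.144.7"), ("ppp1", "172.20.1.15"),
                        ("ppp2", "192.168.5.9")]:
        print(iface, addr, "->", zone_for(ENTRIES, iface, addr))
```

A peer whose address lies outside both networks resolves to no zone here, which is the case to check for when the two servers hand out addresses from separate pools.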