michael.gale at pason
May 30, 2007, 7:37 AM
Re: NAT rules for VPN only allowing one user?
This sounds like a problem on the VPN gateway device; you should remove the rule:
"/sbin/iptables -t nat -A POSTROUTING -o eth1
-d $LINKSYS_VPN_IP -p tcp --dport 1723
-j SNAT --to-source $ETH1_IP"
and resolve that issue. What is most likely currently happening: your VPN router is only set up for, or only supports, 1 VPN connection per IP address, so a second connection
would overwrite the first one.
Neil Aggarwal wrote:
> Actually, I need the SNAT rule to make my remote
> users look like they are coming from the local network.
> For some reason, the Linksys does not respond to the
> connection unless I have that.
> Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
> FREE! Eliminate junk email and reclaim your inbox.
> Visit http://www.spammilter.com for details.
> -----Original Message-----
> From: netfilter-bounces [at] lists
> [mailto:netfilter-bounces [at] lists] On Behalf Of Jan Engelhardt
> Sent: Tuesday, May 29, 2007 1:13 PM
> To: Neil Aggarwal
> Cc: netfilter [at] lists
> Subject: Re: NAT rules for VPN only allowing one user?
> On May 29 2007 12:31, Neil Aggarwal wrote:
>> /sbin/iptables -t nat -A POSTROUTING -o eth1
>> -d $LINKSYS_VPN_IP -p tcp --dport 1723
>> -j SNAT --to-source $ETH1_IP
> This is redundant.
>> Either one of my remote users can connect to the VPN using
>> the Windows XP VPN client. But, if one of them is connected
>> and the other tries to connect, the second person gets to
>> the verifying username and password screen and then
>> gets an Error 619 that they are not able to connect.
>> I think somehow the existing connection is mis-routing
>> the login for the second connection.
>> Any ideas what could be going on?
> Use the holy tcpdump.
Red Hat Certified Engineer
Pason Systems Corp.
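As an added illustration (not part of the thread), the following script reads tcpdump output from eth1 and reports when more than one PPTP control connection (tcp/1723) reaches the VPN endpoint from the same source address, which is exactly what the SNAT rule produces; the captures and addresses are constructed placeholders (192.168.1.1 standing in for $ETH1_IP, 192.168.1.2 for $LINKSYS_VPN_IP).

```python
import re
from collections import defaultdict

PPTP_PORT = 1723

# tcpdump prints a new TCP connection attempt as "IP src.sport > dst.dport: Flags [S]".
SYN_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[S\]"
)

# Constructed sample, not a real capture. Placeholder addresses: 192.168.1.1 stands
# for $ETH1_IP and 192.168.1.2 for $LINKSYS_VPN_IP. With the SNAT rule in place,
# both XP clients leave eth1 with the same source address, so the Linksys sees a
# second control connection from an address that already has a session.
CAPTURE_WITH_SNAT = """\
12:31:01.000 IP 192.168.1.1.40001 > 192.168.1.2.1723: Flags [S], seq 1, win 64240, length 0
12:31:01.010 IP 192.168.1.2.1723 > 192.168.1.1.40001: Flags [S.], seq 2, ack 2, win 65535, length 0
12:31:09.000 IP 192.168.1.1.40002 > 192.168.1.2.1723: Flags [S], seq 3, win 64240, length 0
"""

# The same two clients once the SNAT rule is removed: each keeps its own address.
CAPTURE_WITHOUT_SNAT = """\
12:35:01.000 IP 203.0.113.10.40001 > 192.168.1.2.1723: Flags [S], seq 1, win 64240, length 0
12:35:09.000 IP 203.0.113.11.40002 > 192.168.1.2.1723: Flags [S], seq 3, win 64240, length 0
"""


def pptp_syns_by_source(capture: str, port: int = PPTP_PORT) -> dict:
    """Count control-channel SYNs per (source IP, VPN endpoint IP) pair."""
    counts = defaultdict(int)
    for line in capture.splitlines():
        m = SYN_RE.search(line)
        if m and int(m.group(4)) == port:
            counts[(m.group(1), m.group(3))] += 1
    return dict(counts)


def find_shared_sources(capture: str, port: int = PPTP_PORT) -> list:
    """Return (src, dst, n) for every source address carrying more than one PPTP
    control connection to the same endpoint, the pattern an endpoint that allows
    a single session per client address will reject (Error 619 on the client)."""
    return sorted(
        (src, dst, n)
        for (src, dst), n in pptp_syns_by_source(capture, port).items()
        if n > 1
    )


if __name__ == "__main__":
    for label, cap in (("with SNAT", CAPTURE_WITH_SNAT), ("without SNAT", CAPTURE_WITHOUT_SNAT)):
        print(label, find_shared_sources(cap) or "no shared source addresses")
```

Feed it real output from `tcpdump -ni eth1 'tcp port 1723'` to confirm whether the second client's control connection is arriving at the Linksys from the same address as the first.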