mmckeay at stillsecure
May 30, 2007, 8:16 AM
RE: NAT rules for VPN only allowing one user?
So this is a limitation of the Linksys router, correct? What are the
real requirements for user connections?
Linksys has the BEFVP41, which supports up to 50 VPN connections. Maybe
an upgrade to this box is in order. It's on Amazon for $99. What
router are you using right now? If it's a WRT54 series wireless router,
there might even be an image you can flash it with to do what you want.
Martin McKeay, CISSP, GSNA
martin [at] stillsecure
From: netfilter-bounces [at] lists
[mailto:netfilter-bounces [at] lists] On Behalf Of Michael Gale
Sent: Wednesday, May 30, 2007 8:37 AM
To: Neil Aggarwal
Cc: netfilter [at] lists
Subject: Re: NAT rules for VPN only allowing one user?
This sounds like a problem on the VPN gateway device. You should remove
"/sbin/iptables -t nat -A POSTROUTING -o eth1
-d $LINKSYS_VPN_IP -p tcp --dport 1723
-j SNAT --to-source $ETH1_IP"
and resolve that issue. What is most likely currently happening: your
VPN router is only set up for, or only supports, 1 VPN connection per IP
address, so a second connection would overwrite the first one.
Neil Aggarwal wrote:
> Actually, I need the SNAT rule to make my remote users look like they
> are coming from the local network.
> For some reason, the Linksys does not respond to the connection unless
> I have that.
> Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com FREE! Eliminate
> junk email and reclaim your inbox.
> Visit http://www.spammilter.com for details.
> -----Original Message-----
> From: netfilter-bounces [at] lists
> [mailto:netfilter-bounces [at] lists] On Behalf Of Jan
> Sent: Tuesday, May 29, 2007 1:13 PM
> To: Neil Aggarwal
> Cc: netfilter [at] lists
> Subject: Re: NAT rules for VPN only allowing one user?
> On May 29 2007 12:31, Neil Aggarwal wrote:
>> /sbin/iptables -t nat -A POSTROUTING -o eth1
>> -d $LINKSYS_VPN_IP -p tcp --dport 1723
>> -j SNAT --to-source $ETH1_IP
> This is redundant.
>> Either one of my remote users can connect to the VPN using the
>> Windows XP VPN client. But, if one of them is connected and the
>> other tries to connect, the second person gets to the verifying
>> username and password screen and then gets an Error 619 that they are
>> not able to connect.
>> I think somehow the existing connection is mis-routing the login for
>> the second connection.
>> Any ideas what could be going on?
> Use the holy tcpdump.
Red Hat Certified Engineer
Pason Systems Corp.
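A toy model of the diagnosis in the thread, added here as an illustration and not code from any of the posters: a many-to-one SNAT rule makes every remote PPTP client (TCP 1723) arrive at the Linksys with the same source address, so a gateway that keeps one control session per peer IP replaces the first session when the second client connects. The addresses, ports and the per-peer gateway behaviour are constructed assumptions, not facts taken from the Linksys.

```python
# Added example, not from the thread. Models iptables SNAT --to-source and a
# VPN gateway that allows one PPTP control session per peer IP address.
from dataclasses import dataclass

ETH1_IP = "192.168.1.2"         # constructed: inside address of the Linux box
LINKSYS_VPN_IP = "192.168.1.1"  # constructed: the Linksys VPN endpoint


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Snat:
    """Many-to-one source NAT: rewrites src to ETH1_IP, allocates a fresh
    source port per (client IP, client port) so replies can be untranslated."""
    def __init__(self, next_port: int = 40000):
        self.table = {}          # (orig src, orig sport) -> translated sport
        self.next_port = next_port

    def translate(self, pkt: Packet) -> Packet:
        key = (pkt.src, pkt.sport)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        return Packet(ETH1_IP, self.table[key], pkt.dst, pkt.dport)


class PerPeerGateway:
    """Assumed gateway behaviour: one PPTP control session per peer IP.
    A new session from the same peer IP silently replaces the old one."""
    def __init__(self):
        self.sessions = {}       # peer IP -> source port of live session

    def accept(self, pkt: Packet):
        if pkt.dport != 1723:
            return None          # not PPTP control traffic, ignore
        replaced = self.sessions.get(pkt.src)
        self.sessions[pkt.src] = pkt.sport
        return replaced          # the session that just got overwritten, if any


def simulate(use_snat: bool):
    """Two remote clients connect; return (live sessions, sessions overwritten)."""
    gateway, nat = PerPeerGateway(), Snat()
    clients = [Packet("10.0.0.11", 1050, LINKSYS_VPN_IP, 1723),   # constructed
               Packet("10.0.0.12", 1051, LINKSYS_VPN_IP, 1723)]   # constructed
    overwritten = 0
    for pkt in clients:
        if use_snat:
            pkt = nat.translate(pkt)
        if gateway.accept(pkt) is not None:
            overwritten += 1
    return len(gateway.sessions), overwritten
```

With the SNAT rule in place the model ends with one live session and one overwritten client, which matches the Error 619 symptom; without it both clients stay connected, at the cost of the Linksys having to accept connections from their real addresses.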