It's DEF the firewall that's causing me grief. If I disable the firewall (/etc/init.d/firewall stop) then a ping to an internal PC completes. Also, with the firewall running, a tcpdump on the VPN interface shows the request being received, but the tun0 interface responds with "destination port unreachable".
I'm at a loss. Overall, the objective is to have VPN clients connect and have access to all internal LAN devices. Here are the important configs.
**********************************
br-lan Link encap:Ethernet HWaddr 00:1C:10:59:02:F5
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7253 errors:0 dropped:0 overruns:0 frame:0
TX packets:5514 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:533821 (521.3 KiB) TX bytes:6514519 (6.2 MiB)
eth0 Link encap:Ethernet HWaddr 00:1C:10:59:02:F5
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:253552 errors:0 dropped:0 overruns:0 frame:0
TX packets:200672 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:32732688 (31.2 MiB) TX bytes:31588542 (30.1 MiB)
Interrupt:4
eth0.0 Link encap:Ethernet HWaddr 00:1C:10:59:02:F5
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:183719 errors:0 dropped:0 overruns:0 frame:0
TX packets:188959 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:15042253 (14.3 MiB) TX bytes:28269492 (26.9 MiB)
eth0.1 Link encap:Ethernet HWaddr 00:1C:10:59:02:F5
inet addr:xx.xx.xx.xx Bcast:xx.xx.xx.255 Mask:255.255.240.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:69795 errors:0 dropped:0 overruns:0 frame:0
TX packets:11715 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13123471 (12.5 MiB) TX bytes:2457652 (2.3 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:82 errors:0 dropped:0 overruns:0 frame:0
TX packets:82 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6328 (6.1 KiB) TX bytes:6328 (6.1 KiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.15.1.1 P-t-P:10.15.1.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1359 errors:0 dropped:0 overruns:0 frame:0
TX packets:1381 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:90487 (88.3 KiB) TX bytes:244265 (238.5 KiB)
wl0 Link encap:Ethernet HWaddr 00:1C:10:59:02:F7
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:193606 errors:0 dropped:0 overruns:0 frame:4074
TX packets:193831 errors:15 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:23749059 (22.6 MiB) TX bytes:20979427 (20.0 MiB)
Interrupt:2 Base address:0x5000
************************************
===========================
/jffs/etc/config/network
# UCI network configuration as pasted from the router (indentation was lost in the paste).
# Switch VLAN layout: vlan0 groups ports 0-3 with port 5 (starred, presumably the
# CPU port); vlan1 groups ports 4 and 5.
config 'switch' 'eth0'
option 'vlan0' '0 1 2 3 5*'
option 'vlan1' '4 5'
# Loopback interface, static 127.0.0.1/8.
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
# LAN: bridge over eth0.0 with static address 192.168.2.1/24 (shows up as br-lan
# in the ifconfig output above).
config 'interface' 'lan'
option 'type' 'bridge'
option 'ifname' 'eth0.0'
option 'proto' 'static'
option 'netmask' '255.255.255.0'
option 'ipaddr' '192.168.2.1'
option 'defaultroute' '0'
option 'peerdns' '0'
# WAN: eth0.1, address obtained by DHCP.
config 'interface' 'wan'
option 'ifname' 'eth0.1'
option 'proto' 'dhcp'
# Logical network 'vpn' mapped to tun0 with no protocol handler. The firewall's
# 'vpn' zone refers to this network by name.
# NOTE(review): tun0 is presumably created by the VPN daemon, not by the network
# scripts. If 'vpn' is never brought up as a network, the firewall may never attach
# tun0 to the vpn zone, and VPN traffic would then hit the default forward policy.
# Check with `iptables -L -v -n` whether any rule actually references tun0.
# NOTE(review): confirm that 'disable' is a value the 'auto' option understands.
config 'interface' 'vpn'
option 'ifname' 'tun0'
option 'proto' 'none'
option 'auto' 'disable'
option 'defaultroute' '0'
option 'peerdns' '0'
===========================
Here's the firewall
+++++++++++++++++++++++
/jffs/etc/config/firewall
# UCI firewall configuration as pasted from the router (indentation was lost in the paste).
# Global defaults: SYN-flood protection on; input and output default to ACCEPT,
# forwarding defaults to REJECT.
# NOTE(review): the "destination port unreachable" reply described in the post is
# consistent with a REJECT policy being hit, i.e. the VPN traffic is probably not
# matching the vpn zone's rules and falls through to a REJECT - confirm with
# `iptables -L -v -n` packet counters.
# NOTE(review): a default input policy of ACCEPT is permissive; here the wan zone
# overrides it with REJECT, but any interface not assigned to a zone would
# presumably fall back to this default.
config 'defaults'
option 'syn_flood' '1'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'REJECT'
# LAN zone: traffic to and from the router is accepted; forwarding is rejected
# unless a 'forwarding' section below allows it. No 'network' option is given, so
# the zone presumably covers the network with the same name ('lan') - confirm.
config 'zone'
option 'name' 'lan'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'REJECT'
# WAN zone: inbound to the router rejected except for the 'rule' sections below;
# masquerading (NAT) enabled for traffic leaving through this zone.
config 'zone'
option 'name' 'wan'
option 'input' 'REJECT'
option 'output' 'ACCEPT'
option 'forward' 'REJECT'
option 'masq' '1'
# VPN zone: bound to logical network 'vpn' (tun0 in the network config). Every
# policy is ACCEPT, so VPN clients are trusted as much as LAN hosts, including
# access to the router itself; only appropriate if every VPN client is trusted.
config 'zone'
option 'name' 'vpn'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'ACCEPT'
option 'network' 'vpn'
# Allow forwarding from lan to vpn.
# NOTE(review): 'forward' looks like a zone-level option; it is unclear whether a
# 'forwarding' section reads it at all - confirm against the firewall
# documentation for this release.
config 'forwarding'
option 'src' 'lan'
option 'dest' 'vpn'
option 'forward' 'ACCEPT'
# Allow forwarding from vpn to lan (the direction an RDP connection from a VPN
# client to a LAN host needs), with MSS clamping enabled via mtu_fix.
config 'forwarding'
option 'src' 'vpn'
option 'dest' 'lan'
option 'forward' 'ACCEPT'
option 'mtu_fix' '1'
# Allow forwarding from lan to wan (Internet access for LAN hosts).
config 'forwarding'
option 'src' 'lan'
option 'dest' 'wan'
option 'mtu_fix' '1'
# Accept UDP port 8091 arriving from the wan zone - presumably the port the VPN
# server listens on.
config 'rule'
option 'target' 'ACCEPT'
option '_name' 'VPN'
option 'src' 'wan'
option 'proto' 'udp'
option 'dest_port' '8091'
# Accept TCP port 22 arriving from the wan zone: this exposes the router's SSH
# service to the Internet. Since a VPN is available, consider dropping this rule
# and administering over the VPN, or at least restrict the allowed source
# addresses and use key-only authentication.
config 'rule'
option 'target' 'ACCEPT'
option '_name' 'SSH'
option 'src' 'wan'
option 'proto' 'tcp'
option 'dest_port' '22'
+++++++++++++++++++++++
Any suggestions on what to modify? I need my VPN client (10.15.1.6) to be able to RDP to, say, 192.168.2.151.