Hi Folks!
I'm not being able to connect to my corporate VPN servers that use the Microsoft DirectAccess method... they have an alternate VPN Client that's the Cisco PULSE VPN client, and is also not working... I assume it has to do with enabling "VPN Passthrough" in the Router/Firewall, but I was not able to do it so far ...
When I tried to run this command, it's giving me an error that's driving me crazy:
iptables -t nat -A PREROUTING -i $WAN --protocol udp --dport 500 -j DNAT --to 192.168.1.146
Bad argument `udp'
Try `iptables -h' or 'iptables --help' for more information.
I've read that I should be allowing the UDP traffic by using this 2 extra lines in the user configuration file:
iptables -t nat -A prerouting -i $WAN -p udp --dport 500 -j DNAT --to-destination 192.168.1.146
iptables -A input -i $WAN -p udp --dport 500 -j ACCEPT
I have the default configuration for LuCI for-15.05 branch (git-16.206.66468-6f5c466) / OpenWrt Chaos Calmer 15.05.1 r49389 .
Here's my firewall config file, that I've copied from another post, as in the process of trying to fix this I've deleted the default firewall config file:
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
option disable_ipv6 1
config zone
option name lan
option network 'lan'
option input ACCEPT
option output ACCEPT
option forward REJECT
config zone
option name wan
option network 'wan'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see [url]https://dev.openwrt.org/ticket/4108[/url]
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
# Allow DHCPv6 replies
# see [url]https://dev.openwrt.org/ticket/10381[/url]
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option src_ip fe80::/10
option src_port 547
option dest_ip fe80::/10
option dest_port 546
option family ipv6
option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
Suggestions?