It was initially (not working) iptables -t nat -I POSTROUTING -o mainInf -j MASQUERADE The solution was to adjust the NAT to the correct output gateway and that allowed packets to reach other servers
mainInf and support), both configured via netplan (no problem with that)īut, despite connecting to the pptp server using the IP address of the 1st up-link (i-face called mainInf), my default gateway was running in the seccond up-link (support). The problem was the fact that I had in this machine two independent up-links exposed to internet (ie. This made clear that the tunnel was ok to the pptp server. It was possible to connect, the connection was stable, it did allow to login to the pptp server via ssh and, in the remote machine, even to resolve DNS (noticeable via browers and ping - as it did resolve correctly the IP), but webpages did not load, neither was possible to connect to other severs via ssh. We had identical symptoms, but all the Iptables where set as above. Replace 172.20.1.0/24 with the IP address range used in the “remoteip” option in the /etc/nf this firewall rule is used to ensure a proper MTU value is used to prevent fragmentation. Finally the following rule is required to ensure websites load properly iptables -I FORWARD -p tcp -tcp-flags SYN,RST SYN -s 172.20.1.0/24 -j TCPMSS -clamp-mss-to-pmtu In the last rule replace “eth0″ with the interface connecting to the internet on your VPN server.
Iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE The following iptables firewall rules allow port 1723, GRE and perform NAT iptables -I INPUT -p tcp -dport 1723 -m state -state NEW -j ACCEPT Save, close the file and run the following command to make the changes take effect. I assume “_forward” is commented in the /etc/nf file: nano /etc/nfĪdd or find and comment out the following line _forward=1 If your main purpose of setting up the VPN server is to access website, So traffic has to be forwarded out of the VPN server’s public network interface.Thus, kindly enable port forwarding by editing the nf file.
0 kommentar(er)
