Re: [IPCop-user] VPN and BOT

[Chris W. <chr...@gm...>]

Steve,

I fought with this too! The fix is fairly easy. I'm sure you have already
tried to create a rule allowing your green network to go to any (interface
or network) and it just wont work. To resolve this issue you need to go into
*Advanced BOT Config > Interfaces *and define your ipsec interfaces, for the
Name you can call it anything (ie. VPN Interface) for the Interface you need
to do an ifconfig on the command line and discover which ipsec interface
your VPN is using, usually this is ipsec0. To simplify things for the Interface
field you can set it to: ipsec+ this will assume ALL ipsec interfaces.

Ok, now you need to go back to to the *block outgoing traffic *tab and
configure rules to allow outgoing traffic.

Sample Rule:

Source: Default interface: Green (You can define this to suit your needs)
Destination, custom interface: ipsec0  (or what ever you called it in the
interface config)


(Optional) - I really did not like the idea of letting my remote VPN network
have full access to resources on my network. In /etc/rc.d/rc.local you can
add the following lines to the end of the file:

#Cleanup rule for Ipsec VPN
/sbin/iptables -A CUSTOMFORWARD -i ipsec+ -j LOG --log-level warning
--log-prefix "IPSEC0-DROP "
/sbin/iptables -A CUSTOMFORWARD -i ipsec+ -j DROP


This will LOG and DROP ALL traffic from any ipsec interface. You must now
create rules in BOT to permit the desired services, go back to to the *block
outgoing traffic *tab and configure rules to allow for the incoming traffic.


Sample rule:

Source, custom interface: ipsec0  (or what ever you called it in the
interface config)
Destination: Default interface: Green (You can define this to suit your
needs)
Use Service: (Define as needed).


Hope this helps,

Chris











On 9/27/07, Steve Pritchard <sys...@nw...> wrote:
>
> I'm been running IPcop with RED, GREEN and BLUE interfaces. GREEN and BLUE
> are both LAN connections. I also have an IPCop VPN to another location.
> All
> was working well...until I installed BOT.
>
> I've added all BOT rules to allow both nets to have Proxy , www, ftp, etc
> to
> RED, as well as IPCop services. All is well.
>
> The VPN connection is listed as OPEN, and the Connections list shown my
> location and the outside  location connected via port 500. Traffic shows
> standard windows file sharing protocols being passed. However, prior ot
> install BOT I also had RDP, VNC, and WWW connections to machines on the
> other side of the VPN. These connections are now blocked.
>
> I won't go into the list of rules I've tried...every combination I can
> think
> of or logic out has failed. How do I get BOT and VPN to play nice, and
> what
> rules can I add to have my services through the VPN back?
>
> Regards,
>
> Steve P
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> IPCop-user mailing list
> IPC...@li...
> https://lists.sourceforge.net/lists/listinfo/ipcop-user
>