From: Chris W. <chr...@gm...> - 2007-09-29 19:55:41
Steve, I fought with this too! The fix is fairly easy. I'm sure you have already tried to create a rule allowing your green network to go to any (interface or network) and it just won't work.

To resolve this issue you need to go into *Advanced BOT Config > Interfaces* and define your ipsec interfaces. For the Name you can call it anything (i.e. VPN Interface); for the Interface you need to do an ifconfig on the command line and discover which ipsec interface your VPN is using, usually this is ipsec0. To simplify things, for the Interface field you can set it to: ipsec+ ; this will assume ALL ipsec interfaces.

Ok, now you need to go back to the *block outgoing traffic* tab and configure rules to allow outgoing traffic.

Sample Rule:
  Source: Default interface: Green (You can define this to suit your needs)
  Destination, custom interface: ipsec0 (or whatever you called it in the interface config)

(Optional) - I really did not like the idea of letting my remote VPN network have full access to resources on my network. In /etc/rc.d/rc.local you can add the following lines to the end of the file:

  #Cleanup rule for Ipsec VPN
  /sbin/iptables -A CUSTOMFORWARD -i ipsec+ -j LOG --log-level warning --log-prefix "IPSEC0-DROP "
  /sbin/iptables -A CUSTOMFORWARD -i ipsec+ -j DROP

This will LOG and DROP ALL traffic from any ipsec interface. You must now create rules in BOT to permit the desired services: go back to the *block outgoing traffic* tab and configure rules to allow for the incoming traffic.

Sample rule:
  Source, custom interface: ipsec0 (or whatever you called it in the interface config)
  Destination: Default interface: Green (You can define this to suit your needs)
  Use Service: (Define as needed).

Hope this helps,
Chris

On 9/27/07, Steve Pritchard <sys...@nw...> wrote:
>
> I've been running IPcop with RED, GREEN and BLUE interfaces. GREEN and BLUE
> are both LAN connections. I also have an IPCop VPN to another location. All
> was working well...until I installed BOT.
>
> I've added all BOT rules to allow both nets to have Proxy, www, ftp, etc. to
> RED, as well as IPCop services. All is well.
>
> The VPN connection is listed as OPEN, and the Connections list shows my
> location and the outside location connected via port 500. Traffic shows
> standard Windows file sharing protocols being passed. However, prior to
> installing BOT I also had RDP, VNC, and WWW connections to machines on the
> other side of the VPN. These connections are now blocked.
>
> I won't go into the list of rules I've tried...every combination I can think
> of or logic out has failed. How do I get BOT and VPN to play nice, and what
> rules can I add to have my services through the VPN back?
>
> Regards,
>
> Steve P
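As an added example (not code from Chris's post or from IPCop), here is a small parser for the syslog lines that the CUSTOMFORWARD LOG rule above writes with the prefix "IPSEC0-DROP ". It tallies dropped packets by inbound interface, source, destination, protocol and destination port, which is the quickest way to see which services the remote VPN network is still trying to reach so the matching BOT allow rules can be added instead of guessing. The log lines are constructed samples; the field layout follows the kernel's standard iptables LOG output.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the kernel's iptables LOG format, as
# produced by the CUSTOMFORWARD LOG rule with --log-prefix "IPSEC0-DROP ".
SAMPLE_LOG = """\
Sep 29 19:55:41 ipcop kernel: IPSEC0-DROP IN=ipsec0 OUT=eth0 SRC=192.168.2.10 DST=192.168.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4711 DF PROTO=TCP SPT=3456 DPT=3389 WINDOW=5840 RES=0x00 SYN URGP=0
Sep 29 19:55:43 ipcop kernel: IPSEC0-DROP IN=ipsec0 OUT=eth0 SRC=192.168.2.10 DST=192.168.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4712 DF PROTO=TCP SPT=3457 DPT=3389 WINDOW=5840 RES=0x00 SYN URGP=0
Sep 29 19:56:02 ipcop kernel: IPSEC0-DROP IN=ipsec0 OUT=eth0 SRC=192.168.2.22 DST=192.168.1.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4713 DF PROTO=TCP SPT=40022 DPT=5900 WINDOW=5840 RES=0x00 SYN URGP=0
Sep 29 19:56:10 ipcop kernel: IPSEC0-DROP IN=ipsec0 OUT=eth0 SRC=192.168.2.22 DST=192.168.1.7 LEN=78 TOS=0x00 PREC=0x00 TTL=63 ID=4714 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep 29 19:56:11 ipcop kernel: Some unrelated kernel message
"""

LOG_RE = re.compile(r"IPSEC0-DROP (?P<fields>.*)$")


def parse_drop_line(line):
    """Return a dict of the KEY=VALUE fields of one IPSEC0-DROP line, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields = {}
    for token in m.group("fields").split():
        if "=" in token:
            key, _, value = token.partition("=")
            # LEN appears twice for UDP (IP header, then UDP header); keep the first.
            fields.setdefault(key, value)
        else:
            fields[token] = True  # bare flags such as DF and SYN
    return fields


def summarize_drops(log_text):
    """Count dropped packets per (IN iface, SRC, DST, PROTO, DPT) tuple."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_drop_line(line)
        if f is None:
            continue
        counts[(f.get("IN"), f.get("SRC"), f.get("DST"), f.get("PROTO"), f.get("DPT"))] += 1
    return counts


if __name__ == "__main__":
    for (iface, src, dst, proto, dpt), n in summarize_drops(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {iface}  {src} -> {dst}  {proto}/{dpt}")
```

On a real IPCop box the same function can be fed the kernel log (for example /var/log/messages) instead of the constructed sample.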