VPN Server Ports - Does this look correct?

Z

zooky

Active Member
Dec 9, 2014
4
1
43
Hey All,

Im looking into setting up a L2TP/IPSEC VPN server. I have done the below and just want to confirm It all looks right. So far clients can connect just fine, but after about 40-50min they all disconnect at the same time.

Code: 
cat /etc/network/interfaces
# network interface settings
auto lo
iface lo inet loopback
iface eth0 inet manual
iface eth1 inet manual
iface eth2 inet manual
iface eth3 inet manual

auto vmbr0
iface vmbr0 inet static
        address  162.XXX.XXX.X7
        netmask  255.XXX.XXX.XXX
        gateway  162.XXX.XX.XXX
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

auto vmbr1
iface vmbr1 inet static
        address  172.16.0.1
        netmask  255.255.240.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

auto vmbr2
iface vmbr2 inet static
        address  10.100.0.1
        netmask  255.255.240.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

auto vmbr3
iface vmbr3 inet static
        address  192.168.1.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '172.16.0.0/20' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '172.16.0.0/20' -o vmbr0 -j MASQUERADE

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '10.100.0.0/20' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.100.0.0/20' -o vmbr0 -j MASQUERADE

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '196.168.1.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE

        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 172.16.0.2:443
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 172.16.0.2:443
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 500 -j DNAT --to 172.16.0.2:500
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp --dport 500 -j DNAT --to 172.16.0.2:500
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 4500 -j DNAT --to 172.16.0.2:4500
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp --dport 4500 -j DNAT --to 172.16.0.2:4500
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 1701 -j DNAT --to 172.16.0.2:1701
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp --dport 1701 -j DNAT --to 172.16.0.2:1701

Any help is appreciated

Thanks
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back