Topic: How to Open Ports for VPN through Mitel Gateway

[ChuckL]

I need to open several ports to allow a Windows NT PC to use VPN to get to my work servers via ADSL through my Mitel 5.12 server.  I know which ports to open (5 of them - 50 for IP, 500 for UDP, 389, 709 and 5080 for TCP) but I don't know how to open them.  I'm very new to this so could you tell me explicitly which templates to change, what to change in them and where to find them?  I've looked through the messages here and at the HowTo's but haven't found anything to do exactly this, and the general Linux HowTo's just plain confused me.  I'd sure appreciate some help!

[Trevor B]

This contributed rpm will install a manager panel that lets you forward ports
http://myezserver.com/downloads/mitel/contrib/portforwarding-0.0.1/

Trevor B

ChuckL wrote:
>
> I need to open several ports to allow a Windows NT PC to use
> VPN to get to my work servers via ADSL through my Mitel 5.12
> server.  I know which ports to open (5 of them - 50 for IP,
> 500 for UDP, 389, 709 and 5080 for TCP) but I don't know how
> to open them.  I'm very new to this so could you tell me
> explicitly which templates to change, what to change in them
> and where to find them?  I've looked through the messages
> here and at the HowTo's but haven't found anything to do
> exactly this, and the general Linux HowTo's just plain
> confused me.  I'd sure appreciate some help!

[ChuckL]

Thanks, Trevor.  I installed it.  I have 7 server addresses to which I need to forward the ports, but when I try to put in more than one it overwrites the first one.  I need to forward to more than one address.  Is that possible?  What file(s) is(are) updated by this panel?

[Lazo]

You can forward to differnet servers, but each one to one different port, you can't repeat!!

[chris meredith]

Could you explain what you are trying to do in a little more detail?  

If you are trying to VPN from behind a E-Smith server to some outside servers, the default install shouldn't stop that.  If you are trying to get from the WAN side of an E-Smith server to the LAN side, your best bet is to VPN TO the E-Smith server, which will give you access to everything on the LAN side as if you where local.

[Bill Talcott]

ChuckL wrote:
>
> Thanks, Trevor.  I installed it.  I have 7 server addresses
> to which I need to forward the ports, but when I try to put
> in more than one it overwrites the first one.  I need to
> forward to more than one address.  Is that possible?  What
> file(s) is(are) updated by this panel?

You have one public IP with a set of ports. You're just telling it to send anything coming in on a certain port (like 1234) to a certain computer on the LAN (like 192.168.1.100). Each IP:port can only "belong to" one computer, and you only have the one public IP to use... You could forward 1234 to PC1:1234, and 1235 to PC2:1234, and 1236 to PC3:1234 and so on. Then the connection would get to each LAN PC on the right port, you'd just have to access the public IP using different ports to go to the different PCs...

If you just want to allow an NT server behind the SME to handle VPN requests, see http://forums.contribs.org/index.php?topic=13306.msg50382#msg50382 for details.

[Jon Thiele]

ChuckL wrote:
>
> I need to open several ports to allow a Windows NT PC to use
> VPN to get to my work servers via ADSL through my Mitel 5.12
> server.  I know which ports to open

<>

look up this message:

http://forums.contribs.org/index.php?topic=13648.msg51840#msg51840

also, search for "nortel" on these boards - they seem to be the one vpn with the most problems - but the vpn problems have been solved...

[ChuckL]

Here're the details.  I have a Windows NT notebook PC supplied by my employer.  It connects to their WAN via AT&T Global.  I have a Mitel 5.12 server at home connected to Directvinternet operating as server and gateway.

I want to be able to connect the Windows NT notebook PC to my home LAN and then run the AT&T client VPN software on the notebook to connect to AT&T Global and then to my employer's WAN.

When I try this it indicates that I need to open a port, and AT&T's support has indicated that I need to have ports 50 for IP, 500 for UDP, 389, 709, and 5080 open for TCP.

I might add that the AT&T Global client is using IPSEC.

The client can connect to any one of 7 VPN servers, all with different IP addresses.  I have no control over which one it attempts to connect with, it appears to try the servers in random order.

[Bill Talcott]

Is the SME between the VPN servers and the internet, or between your PC and the internet? If it's at your end, you'd just need to open the ports up and forward them to your PC's IP address. Anything you can't do with the Port Forwarding panel can be done using the syntax given in the NT VPN thread I posted a link to. That will allow any traffic coming at your SME to be directed to your PC. The remote public addresses don't matter...

If the VPN servers all have private addresses behind an SME with one public IP, then you'll have to do something else to get outside traffic to the proper server (like having a different port mapped to each server).

[ChuckL]

The Windows NT PC is on my home lan, behind the SME server.  The VPN Servers are at AT&T Global.  

How do I forward the ports?  I have 7 addresses to forward them to.

[Michael Smith]

I'm assuming you've tried it and it hasn't worked?  If you're trying to establish a VPN from within your local LAN it shouldn't be a problem ... no portforwarding needed!  Perhaps the trouble is at your employer's end ... the VPN servers there are expecting incoming connections with certain characteristics, perhaps from within an AT&T dialup IP address space.

[Jon Thiele]

ChuckL wrote:
>
> Here're the details.  I have a Windows NT notebook PC
> supplied by my employer.  It connects to their WAN via AT&T
> Global.  I have a Mitel 5.12 server at home connected to
> Directvinternet operating as server and gateway.
>

<>

chuck, did you run the commands and reboot as suggested by my previous message???

[ChuckL]

Yes, the first ran ok, but the second; /sbin/e-smith/signal-event remoteaccess-update displays an error indicating that it can't open the directory /etc/e-smith/events/remoteaccess-update.

[ChuckL]

I got it working!!  I tried running the command you sent me (the one that failed) in different ways (space before the dashes, after the dashes, etc.) and finally, it worked.  After that the Windows NT machine was able to connect w/no problem.

[ChuckL]

I got it working!!  I tried running the command you sent me (the one that failed) in different ways (space before the dashes, after the dashes, etc.) and finally, it worked.  After that the Windows NT machine was able to connect w/no problem.  I really appreciate your help.