Koozali.org: home of the SME Server

Protocol 43 GRE Forwarding

Neririn
Protocol 43 GRE Forwarding
« on: February 17, 2004, 06:28:14 AM »
Forgive me for I know this has been addressed somewhere, but tonight my searches are turning up nothing.  Can someone tell me how or point me to the forum article that shows how to forward VPN traffic through an SME firewall to an internal VPN server?

Thanks in advance.
......

shanen

Protocol 43 GRE Forwarding
« Reply #1 on: February 17, 2004, 10:27:10 AM »
I realise this might not help you much, but you may need to use ipcop for this.

As usual, there are 15 million possible configurations that we can configure. Give us an idea of your network and let's see what we can do.

Neririn
Forward VPN traffic to internal Windows VPN server
« Reply #2 on: February 19, 2004, 05:05:47 AM »
I basically just need to tell SME to forward all VPN requests to an internal IP address.
......

shanen

Protocol 43 GRE Forwarding
« Reply #3 on: February 19, 2004, 12:08:41 PM »
As I understand, sme doesn't forward gre...Basically

Neririn
Well..
« Reply #4 on: February 19, 2004, 05:15:29 PM »
So there is no way to use SME as a firewall, but have an internal Windows box run VPN?  That doesn't seem logical to me. IPTables is capable of forwarding protocol 47... SME uses IPTables.  This is right?  Is there a way to manually adjust the template for IPTables to add a FORWARD -p 47 -d <internal_IP> then just use port forwarding to send the ports there as well?

This HAS to be possible, I just don't know where/how SME generates the IPTable rules.  Does anyone know where this is done?  How does portforwarding add rules to IPTables?  Can this process be accessed manually for non udp/tcp protocols to be defined?
......

shanen

Protocol 43 GRE Forwarding
« Reply #5 on: February 19, 2004, 11:25:47 PM »

shanen

Protocol 43 GRE Forwarding
« Reply #6 on: February 20, 2004, 02:50:19 AM »
There is a template that looks like it blocks gre from all sites unless SME has negotiated a PPTP connection with the site.
/etc/e-smith/templates/etc/rc.d/init.d/masq/55AllowGRE

I'm sure with a bit more digging around, you will find a solution.

Shane
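
The idea from Reply #4, written out as an added example (not code from the thread or from SME Server): a POSIX shell function that prints, without applying, plain iptables rules passing GRE (IP protocol 47) and a TCP control port to one internal server. It assumes the VPN is PPTP (control channel on TCP 1723); the interface `eth1`, the address `192.168.1.10` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that pass PPTP through
# a NAT firewall to a single internal VPN server, for review before use.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: pptp_forward_rules <external_interface> <internal_vpn_server_ip>
pptp_forward_rules() {
    ext_if=$1
    vpn_ip=$2
    # Refuse anything that is not a plain interface name or IPv4 address, so
    # the printed lines are safe to paste into a root shell.
    case "$ext_if" in
        ""|*[!A-Za-z0-9._-]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    valid_ipv4 "$vpn_ip" || { echo "bad address: $vpn_ip" >&2; return 1; }

    # GRE has no port numbers, so ordinary port forwarding cannot express it;
    # it is matched by IP protocol number (47) instead.
    for match in "-p tcp --dport 1723" "-p 47"; do
        # Rewrite the destination of inbound packets to the internal server.
        echo "iptables -t nat -A PREROUTING -i $ext_if $match -j DNAT --to-destination $vpn_ip"
        # Let the rewritten packets through the FORWARD chain, to that host only.
        echo "iptables -A FORWARD -i $ext_if -d $vpn_ip $match -j ACCEPT"
    done
}

# Constructed sample values (assumptions, not taken from the thread).
pptp_forward_rules eth1 192.168.1.10
```

The rules use `-A`, which appends, so a GRE drop earlier in the chain (as the `55AllowGRE` template is described as producing) would still match first. Both ACCEPT rules are limited to the one internal address rather than opening protocol 47 to the whole LAN.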