What I wish to do: A) connect from my iPad/Mac/anything over a secure VPN connection to my home network so I am able to see my files, and B) in an ideal world, to use my home network connection for secure browsing from a remote location.
I can do part A of the job over OpenVPN (but only from a computer), therefore I would like to switch to PPTP or L2TP, which are supported by iOS.
I understood from wpte that rp-l2tp is implemented ( http://wl500g.info/showthread.php?p=234732 ). I tried to follow theMIROn's guidance ( http://wl500g.info/showthread.php?p=231202 ), but I am unable to connect from a remote location to my router's L2TP VPN.
My current set-up / steps I've done:
/etc/l2tp/l2tp.conf
Code:
global
load-handler "sync-pppd.so"
load-handler "cmd.so"
section sync-pppd
lns-pppd-opts "file /opt/etc/ppp/options"
section peer
peer 0.0.0.0
mask 0
lns-handler sync-pppd
section cmd
/opt/etc/ppp/options
Code:
noauth
nomppe nomppc
ktune
default-asyncmap nopcomp noaccomp
novj nobsdcomp nodeflate
lcp-echo-interval 10
lcp-echo-failure 6
# vpn clients ip range and netmask
192.168.100.1:192.168.100.10
netmask 255.255.255.0
# vpn clients dns servers
#ms-dns 192.168.100.1
#ms-dns 192.168.100.2
ip-up-script /opt/etc/ppp/ip-up
ip-down-script /opt/etc/ppp/ip-down
/tmp/ppp/chap-secrets
Code:
#login server passwd IP addresses
myuser * mypass *
/opt/etc/ppp/ip-up (chmod +x)
Code:
#!/bin/sh
/usr/bin/logger -t L2TP "client connected [$*]"
iptables -I INPUT 1 -i $1 -j ACCEPT
iptables -I FORWARD 1 -i $1 -j ACCEPT
iptables -t nat -A POSTROUTING -o $1 -j MASQUERADE
/opt/etc/ppp/ip-down (chmod +x)
Code:
#!/bin/sh
/usr/bin/logger -t L2TP "client disconnected [$*]"
iptables -D INPUT -i $1 -j ACCEPT
iptables -D FORWARD -i $1 -j ACCEPT
iptables -t nat -D POSTROUTING -o $1 -j MASQUERADE
/usr/local/sbin/post-firewall
Code:
#!/bin/sh
#L2TP
/usr/bin/logger -t L2TP "allow incoming connections [$*]"
iptables -P INPUT DROP
iptables -D INPUT -j DROP
# L2TP is UDP/1701; "-p tcp -m udp" contradicts itself and iptables rejects it
iptables -A INPUT -p udp --dport 1701 -j ACCEPT
#OpenVPN access from WAN
iptables -D INPUT -j DROP
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -I PREROUTING -i vlan1 -p udp --dport 1194 -j DNAT --to-destination 192.168.1.1:1194
iptables -A INPUT -j DROP
iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I OUTPUT -o tun0 -j ACCEPT
#FTP
iptables -I INPUT -p tcp --dport 21 -j ACCEPT
iptables -I INPUT -p tcp --dport 55000:60000 -j ACCEPT
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 55000:60000 -j DNAT --to-destination 192.168.1.1
/usr/local/sbin/post-boot
Code:
#!/bin/sh
/usr/bin/logger -t L2TP "start serving connections [$*]"
# make sure configs above do exist
l2tpd
/usr/local/.files
Code:
/etc/fstab
/usr/local/root/.ssh/id_rsa.pub
/tmp/etc/passwd
/tmp/etc/group
/tmp/ppp/chap-secrets
/tmp/etc/l2tp/l2tp.conf
I think (in case I am not totally off topic and l2tp is not meant for this purpose) my weak point is post-firewall, as I am a total noob in iptables and honestly I don't understand it.
Please let me know if I should attach any logs that could help you help me. I am not asking for a solution (although I would not say no), but a hint with a direction would be very much appreciated - I am happy to learn something.
-----------------
netstat -an | grep 1701
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:1701 0.0.0.0:*
pss l2tpd
cat syslog.log | grep L2TP
Code:
Jan 1 01:00:04 L2TP: allow incoming connections [vlan2 0.0.0.0 br0 192.168.1.1]
Jan 1 01:00:05 L2TP: allow incoming connections [vlan2 78.102.x.x br0 192.168.1.1]
Jan 1 01:00:05 L2TP: start serving connections []
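Added example (not the poster's script and not part of the wl500g firmware): the post-firewall, ip-up and ip-down rules from the post rewritten as shell functions, with a lint pass that refuses any rule whose -m tcp/udp match module contradicts its -p protocol, which is the kind of mistake that silently leaves UDP/1701 closed. It assumes the WAN interface vlan1, the LAN address 192.168.1.1 and the client range 192.168.100.0/24 from the post, and it masquerades the VPN clients out of the WAN interface (goal B) rather than out of the ppp interface. Set IPT=echo to preview the rules without touching the kernel.

```shell
#!/bin/sh
# Added example, not the poster's post-firewall script. Generates the L2TP and
# OpenVPN rules in one place and lints each rule before handing it to iptables.
# Assumptions: WAN interface vlan1, LAN address 192.168.1.1, client subnet
# 192.168.100.0/24 (all taken from the post). IPT=echo gives a dry run.

IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-vlan1}"
LAN_IP="${LAN_IP:-192.168.1.1}"
VPN_NET="${VPN_NET:-192.168.100.0/24}"

# lint_rule RULE: return 0 when the -p protocol agrees with any -m tcp/udp
# module in the rule, 1 when they contradict (e.g. "-p tcp -m udp").
# Other -m modules (state, conntrack, ...) are ignored.
lint_rule() {
    proto=""
    match=""
    # word-split the rule into its tokens on purpose
    set -- $1
    while [ $# -gt 1 ]; do
        case "$1" in
            -p) proto="$2" ;;
            -m) case "$2" in tcp|udp) match="$2" ;; esac ;;
        esac
        shift
    done
    if [ -n "$match" ] && [ "$match" != "$proto" ]; then
        return 1
    fi
    return 0
}

# firewall_rules: the rules for the router itself, one per line, in the order
# they must be applied. L2TP is UDP/1701; OpenVPN here is UDP/1194.
firewall_rules() {
    cat <<EOF
-P INPUT DROP
-D INPUT -j DROP
-A INPUT -p udp --dport 1701 -j ACCEPT
-A INPUT -p udp --dport 1194 -j ACCEPT
-t nat -I PREROUTING -i $WAN_IF -p udp --dport 1194 -j DNAT --to-destination $LAN_IP:1194
-A INPUT -j DROP
EOF
}

# ppp_rules ACTION IFACE: the per-client rules that ip-up adds (ACTION=-I)
# and ip-down removes (ACTION=-D). One source for both guarantees ip-down
# deletes exactly what ip-up inserted. Clients are NATed out of the WAN side.
ppp_rules() {
    cat <<EOF
$1 INPUT -i $2 -j ACCEPT
$1 FORWARD -i $2 -j ACCEPT
-t nat $1 POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE
EOF
}

# apply_rules RULES_FN [ARGS]: lint each rule, pass the good ones to $IPT and
# report the bad ones. Returns the number of rejected rules (0 on a clean run).
apply_rules() {
    rejected=0
    tmp=$(mktemp) || return 1
    "$@" > "$tmp"
    while IFS= read -r rule; do
        if lint_rule "$rule"; then
            $IPT $rule
        else
            echo "rejected: iptables $rule" >&2
            rejected=$((rejected + 1))
        fi
    done < "$tmp"
    rm -f "$tmp"
    return "$rejected"
}

# Entry points: "apply" for post-firewall, "up IFACE" / "down IFACE" for the
# ip-up and ip-down hooks. With no argument the script only defines functions.
case "${1:-}" in
    apply) apply_rules firewall_rules ;;
    up)    apply_rules ppp_rules -I "$2" ;;
    down)  apply_rules ppp_rules -D "$2" ;;
esac
```

Run `IPT=echo sh post-firewall.sh apply` to see the exact iptables lines before committing them, and `IPT=echo sh post-firewall.sh up ppp0` to check what a client connection would add. The lint catches the contradictory protocol/match pair at the script level, which is easier to spot than an error line scrolling past in syslog at boot.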