How to Configure Firestarter to Allow VPN


by Lonnie Lee Best

Ubuntu Linux comes with a VPN client called "vpnc" which is an open source alternative for Cisco's VPN Client. It allows you to establish a VPN tunnel between you and a remote network that is gated by a Cisco Systems firewall or router.

The Problem:
Firestarter Was Blocking the VPN Tunnel

Although Firestarter 1.03 would allow vpnc to connect to the remote network, it wouldn't allow me to ping machines on the remote network. More specifically, I was trying to Remote Desktop (RDP) into a Microsoft Windows server using the Terminal Server Client that comes with Ubuntu; Firestarter would not allow the Terminal Server Client to connect, so the Terminal Server Client appeared to hang. However, after I turned off the Firestarter firewall, the remote desktop session would start. After authenticating with the remote machine, I tried starting Firestarter again. This made the Remote Desktop session freeze immediately. Stopping Firestarter (again) made the session resume.

Unfortunately, I was unable to solve this using the graphical user interface of Firestarter 1.03. I tried adding policies in the GUI that would allow all traffic in both directions, but each time I restarted the firewall, it would again freeze the remote desktop connection I had established while the firewall was off.

The Solution:
Add "iptables" entries to "/etc/firestarter/user-pre" file.

Open a terminal from Ubuntu's "Applications" menu: Applications | Accessories | Terminal.

Copy the line below, and paste it into the terminal by right clicking in the terminal and selecting "Paste" from the context menu (the ctrl-v method won't paste in Terminal).

sudo nano /etc/firestarter/user-pre

If you're prompted for a password, enter the root password.

Now it is time to add the iptables entries to the user-pre file. For your convenience, the text box below substitutes your peer address into the entries: type the IP address of your peer/endpoint (the IP you connect to using vpnc) into the text box and press the replace button.

You should now see your IP address in 4 of the iptables entries in the text area.

Copy those iptables entries.

Click back to the terminal we opened.

Paste the iptables entries into nano by right clicking in the terminal and selecting "Paste" from the context menu.

Hold down the ctrl key and hit o on the keyboard (ctrl-o). This will save the iptables entries to your user-pre file.

Exit the nano editor, but not the terminal (ctrl-x).

Now, restart the Firestarter firewall:

sudo /etc/init.d/firestarter restart

Now, you should be able to connect to your peer with vpnc and maintain a remote desktop connection.
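As an added example (not the article's own entries, which were generated by its text box), the script below produces a set of user-pre rules for one VPN peer. It assumes a typical vpnc/Cisco setup: IKE on UDP 500, NAT-T on UDP 4500, ESP (IP protocol 50), and vpnc's tunnel interface tun0; the function names and the sample peer address 203.0.113.10 are constructed for the example. The rules only open the key exchange and ESP toward the single peer address, and permit the decrypted traffic on the tunnel interface rather than on the physical interface.

```shell
#!/bin/sh
# Added example: generate iptables rules for /etc/firestarter/user-pre so a
# vpnc tunnel to ONE peer is allowed. Ports/protocols are assumptions about a
# typical Cisco/vpnc setup (IKE UDP 500, NAT-T UDP 4500, ESP, tun0).

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the user-pre rules for peer $1 (tunnel interface $2, default tun0).
# Refuses to emit anything for a malformed peer address.
vpnc_rules() {
    peer=$1
    tun=${2:-tun0}
    valid_ipv4 "$peer" || { echo "vpnc_rules: invalid peer IP '$peer'" >&2; return 1; }
    cat <<EOF
# --- vpnc tunnel to $peer ---
# IKE (UDP 500) and NAT-T (UDP 4500) key exchange, restricted to the peer
iptables -A INPUT  -p udp -s $peer -m multiport --sports 500,4500 -j ACCEPT
iptables -A OUTPUT -p udp -d $peer -m multiport --dports 500,4500 -j ACCEPT
# ESP (IP protocol 50) carries the encrypted payload, restricted to the peer
iptables -A INPUT  -p esp -s $peer -j ACCEPT
iptables -A OUTPUT -p esp -d $peer -j ACCEPT
# Decrypted traffic (e.g. RDP to the remote network) appears on the tunnel
# interface, so allow it there instead of opening ports on eth0/wlan0
iptables -A INPUT  -i $tun -j ACCEPT
iptables -A OUTPUT -o $tun -j ACCEPT
EOF
}

# Example usage: review the rules, then append them to user-pre as root.
#   vpnc_rules 203.0.113.10
#   vpnc_rules 203.0.113.10 | sudo tee -a /etc/firestarter/user-pre
```

After appending the rules, restart Firestarter as shown below so the new user-pre is loaded.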


About the Author

Lonnie Best has been using the internet since 1993, and has been making web pages since 1995. visit: http://www.lonniebest.com


© HowtoAdvice.com