Allowing VPN traffic trough Ubuntu firewall to connect on Sophos firewall





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







0















I need advice to achieve something and I can't find the answer anywhere.



I'm setting up a network in a test lab. I have an Ubuntu machine that runs SNORT as an IDS and it's the only machine that as an internet connexion. This machine is connected to a Sophos machine that is our primary firewall. Behind the Sophos firewall, we have a DMZ network and an internal network with clients and various servers.



I setted up a L2TP over IPsec VPN on the sophos machine and I know that I can connect to it since I have a test machine between SNORT and Sophos and the connexion works. My problem is that I can't access my VPN if I try to connect to it with the external IP address of the SNORT machine.



I've been able to NAT internet to the machines that need an internet connexion using masquerading and this part works fine. If anyone know how to allow my VPN to connect through the SNORT machine, it would be a life savor right now.



Thanks a lot and any help is much appreciated






vpn firewall ipsec







share|improve this question























  • SNORT isn't the Ubuntu firewall, it's an IDS/IPS system. You would need to start by looking at the SNORT logs. This being said, Sophos firewalls *do * have the ability to also do IDS/IPS itself...

    – Thomas Ward
    Feb 10 at 22:39











  • I know that SNORT isn't the Ubuntu firewall. Im trying to allow the traffic trough UFW and I tried with Firewalld since I'm more familliar with Centos 7 but I need to use Ubuntu in this configuration. There's no real reason to bother with SNORT right now, it's not a problem. As for the Sophos ability to act as an IDS, I know it's possible but I have really strict restrictions on how to build the network, and I need to use SNORT and Sophos, on different machines. Right now I'm able to connect to Sophos Webadmin page using the IP address of the Ubuntu machine, but still can't connect to the VPN

    – Émile Grenier
    Feb 11 at 16:54











  • I think it's more of a port fowarding issue than anything else, but I can't make it work right now. I can tell you wich port I tried to forward and allow if that can be useful. Thanks

    – Émile Grenier
    Feb 11 at 16:57











  • you'd need to provide configuration details as well but yes. The chances are there's somehting wrong going on here, but also keep in mind that UFW is not built to do Port Forwarding; that's where you'd need more advanced iptables rules which ufw will not like in its default ruleset unless you configure it as such (and usually at that point I push for people to use iptables directly instead of using UFW for port forwarding)

    – Thomas Ward
    Feb 12 at 2:48













  • I disabled UFW and I'm using iptables and firewalld. I tried forwarding UDP ports 4500, 500 and 1701. I also created rich rules to allow protocol ESP and AH but I still can't connect to the VPN. I removed SNORT to make sure that wasn't the issue.

    – Émile Grenier
    Feb 12 at 2:59


















0















I need advice to achieve something and I can't find the answer anywhere.



I'm setting up a network in a test lab. I have an Ubuntu machine that runs SNORT as an IDS and it's the only machine that as an internet connexion. This machine is connected to a Sophos machine that is our primary firewall. Behind the Sophos firewall, we have a DMZ network and an internal network with clients and various servers.



I setted up a L2TP over IPsec VPN on the sophos machine and I know that I can connect to it since I have a test machine between SNORT and Sophos and the connexion works. My problem is that I can't access my VPN if I try to connect to it with the external IP address of the SNORT machine.



I've been able to NAT internet to the machines that need an internet connexion using masquerading and this part works fine. If anyone know how to allow my VPN to connect through the SNORT machine, it would be a life savor right now.



Thanks a lot and any help is much appreciated






vpn firewall ipsec







share|improve this question























  • SNORT isn't the Ubuntu firewall, it's an IDS/IPS system. You would need to start by looking at the SNORT logs. This being said, Sophos firewalls *do * have the ability to also do IDS/IPS itself...

    – Thomas Ward
    Feb 10 at 22:39











  • I know that SNORT isn't the Ubuntu firewall. Im trying to allow the traffic trough UFW and I tried with Firewalld since I'm more familliar with Centos 7 but I need to use Ubuntu in this configuration. There's no real reason to bother with SNORT right now, it's not a problem. As for the Sophos ability to act as an IDS, I know it's possible but I have really strict restrictions on how to build the network, and I need to use SNORT and Sophos, on different machines. Right now I'm able to connect to Sophos Webadmin page using the IP address of the Ubuntu machine, but still can't connect to the VPN

    – Émile Grenier
    Feb 11 at 16:54











  • I think it's more of a port fowarding issue than anything else, but I can't make it work right now. I can tell you wich port I tried to forward and allow if that can be useful. Thanks

    – Émile Grenier
    Feb 11 at 16:57











  • you'd need to provide configuration details as well but yes. The chances are there's somehting wrong going on here, but also keep in mind that UFW is not built to do Port Forwarding; that's where you'd need more advanced iptables rules which ufw will not like in its default ruleset unless you configure it as such (and usually at that point I push for people to use iptables directly instead of using UFW for port forwarding)

    – Thomas Ward
    Feb 12 at 2:48













  • I disabled UFW and I'm using iptables and firewalld. I tried forwarding UDP ports 4500, 500 and 1701. I also created rich rules to allow protocol ESP and AH but I still can't connect to the VPN. I removed SNORT to make sure that wasn't the issue.

    – Émile Grenier
    Feb 12 at 2:59














0












0








0








I need advice to achieve something and I can't find the answer anywhere.



I'm setting up a network in a test lab. I have an Ubuntu machine that runs SNORT as an IDS and it's the only machine that as an internet connexion. This machine is connected to a Sophos machine that is our primary firewall. Behind the Sophos firewall, we have a DMZ network and an internal network with clients and various servers.



I setted up a L2TP over IPsec VPN on the sophos machine and I know that I can connect to it since I have a test machine between SNORT and Sophos and the connexion works. My problem is that I can't access my VPN if I try to connect to it with the external IP address of the SNORT machine.



I've been able to NAT internet to the machines that need an internet connexion using masquerading and this part works fine. If anyone know how to allow my VPN to connect through the SNORT machine, it would be a life savor right now.



Thanks a lot and any help is much appreciated






vpn firewall ipsec







share|improve this question














I need advice to achieve something and I can't find the answer anywhere.



I'm setting up a network in a test lab. I have an Ubuntu machine that runs SNORT as an IDS and it's the only machine that as an internet connexion. This machine is connected to a Sophos machine that is our primary firewall. Behind the Sophos firewall, we have a DMZ network and an internal network with clients and various servers.



I setted up a L2TP over IPsec VPN on the sophos machine and I know that I can connect to it since I have a test machine between SNORT and Sophos and the connexion works. My problem is that I can't access my VPN if I try to connect to it with the external IP address of the SNORT machine.



I've been able to NAT internet to the machines that need an internet connexion using masquerading and this part works fine. If anyone know how to allow my VPN to connect through the SNORT machine, it would be a life savor right now.



Thanks a lot and any help is much appreciated






vpn firewall ipsec




vpn firewall ipsec






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Feb 10 at 22:34









Émile GrenierÉmile Grenier

1




1













  • SNORT isn't the Ubuntu firewall, it's an IDS/IPS system. You would need to start by looking at the SNORT logs. This being said, Sophos firewalls *do * have the ability to also do IDS/IPS itself...

    – Thomas Ward
    Feb 10 at 22:39











  • I know that SNORT isn't the Ubuntu firewall. Im trying to allow the traffic trough UFW and I tried with Firewalld since I'm more familliar with Centos 7 but I need to use Ubuntu in this configuration. There's no real reason to bother with SNORT right now, it's not a problem. As for the Sophos ability to act as an IDS, I know it's possible but I have really strict restrictions on how to build the network, and I need to use SNORT and Sophos, on different machines. Right now I'm able to connect to Sophos Webadmin page using the IP address of the Ubuntu machine, but still can't connect to the VPN

    – Émile Grenier
    Feb 11 at 16:54











  • I think it's more of a port fowarding issue than anything else, but I can't make it work right now. I can tell you wich port I tried to forward and allow if that can be useful. Thanks

    – Émile Grenier
    Feb 11 at 16:57











  • you'd need to provide configuration details as well but yes. The chances are there's somehting wrong going on here, but also keep in mind that UFW is not built to do Port Forwarding; that's where you'd need more advanced iptables rules which ufw will not like in its default ruleset unless you configure it as such (and usually at that point I push for people to use iptables directly instead of using UFW for port forwarding)

    – Thomas Ward
    Feb 12 at 2:48













  • I disabled UFW and I'm using iptables and firewalld. I tried forwarding UDP ports 4500, 500 and 1701. I also created rich rules to allow protocol ESP and AH but I still can't connect to the VPN. I removed SNORT to make sure that wasn't the issue.

    – Émile Grenier
    Feb 12 at 2:59



















  • SNORT isn't the Ubuntu firewall, it's an IDS/IPS system. You would need to start by looking at the SNORT logs. This being said, Sophos firewalls *do * have the ability to also do IDS/IPS itself...

    – Thomas Ward
    Feb 10 at 22:39











  • I know that SNORT isn't the Ubuntu firewall. Im trying to allow the traffic trough UFW and I tried with Firewalld since I'm more familliar with Centos 7 but I need to use Ubuntu in this configuration. There's no real reason to bother with SNORT right now, it's not a problem. As for the Sophos ability to act as an IDS, I know it's possible but I have really strict restrictions on how to build the network, and I need to use SNORT and Sophos, on different machines. Right now I'm able to connect to Sophos Webadmin page using the IP address of the Ubuntu machine, but still can't connect to the VPN

    – Émile Grenier
    Feb 11 at 16:54











  • I think it's more of a port fowarding issue than anything else, but I can't make it work right now. I can tell you wich port I tried to forward and allow if that can be useful. Thanks

    – Émile Grenier
    Feb 11 at 16:57











  • you'd need to provide configuration details as well but yes. The chances are there's somehting wrong going on here, but also keep in mind that UFW is not built to do Port Forwarding; that's where you'd need more advanced iptables rules which ufw will not like in its default ruleset unless you configure it as such (and usually at that point I push for people to use iptables directly instead of using UFW for port forwarding)

    – Thomas Ward
    Feb 12 at 2:48













  • I disabled UFW and I'm using iptables and firewalld. I tried forwarding UDP ports 4500, 500 and 1701. I also created rich rules to allow protocol ESP and AH but I still can't connect to the VPN. I removed SNORT to make sure that wasn't the issue.

    – Émile Grenier
    Feb 12 at 2:59

















SNORT isn't the Ubuntu firewall, it's an IDS/IPS system. You would need to start by looking at the SNORT logs. This being said, Sophos firewalls *do * have the ability to also do IDS/IPS itself...

– Thomas Ward
Feb 10 at 22:39





SNORT isn't the Ubuntu firewall, it's an IDS/IPS system. You would need to start by looking at the SNORT logs. This being said, Sophos firewalls *do * have the ability to also do IDS/IPS itself...

– Thomas Ward
Feb 10 at 22:39













I know that SNORT isn't the Ubuntu firewall. Im trying to allow the traffic trough UFW and I tried with Firewalld since I'm more familliar with Centos 7 but I need to use Ubuntu in this configuration. There's no real reason to bother with SNORT right now, it's not a problem. As for the Sophos ability to act as an IDS, I know it's possible but I have really strict restrictions on how to build the network, and I need to use SNORT and Sophos, on different machines. Right now I'm able to connect to Sophos Webadmin page using the IP address of the Ubuntu machine, but still can't connect to the VPN

– Émile Grenier
Feb 11 at 16:54





I know that SNORT isn't the Ubuntu firewall. Im trying to allow the traffic trough UFW and I tried with Firewalld since I'm more familliar with Centos 7 but I need to use Ubuntu in this configuration. There's no real reason to bother with SNORT right now, it's not a problem. As for the Sophos ability to act as an IDS, I know it's possible but I have really strict restrictions on how to build the network, and I need to use SNORT and Sophos, on different machines. Right now I'm able to connect to Sophos Webadmin page using the IP address of the Ubuntu machine, but still can't connect to the VPN

– Émile Grenier
Feb 11 at 16:54













I think it's more of a port fowarding issue than anything else, but I can't make it work right now. I can tell you wich port I tried to forward and allow if that can be useful. Thanks

– Émile Grenier
Feb 11 at 16:57





I think it's more of a port fowarding issue than anything else, but I can't make it work right now. I can tell you wich port I tried to forward and allow if that can be useful. Thanks

– Émile Grenier
Feb 11 at 16:57













you'd need to provide configuration details as well but yes. The chances are there's somehting wrong going on here, but also keep in mind that UFW is not built to do Port Forwarding; that's where you'd need more advanced iptables rules which ufw will not like in its default ruleset unless you configure it as such (and usually at that point I push for people to use iptables directly instead of using UFW for port forwarding)

– Thomas Ward
Feb 12 at 2:48







you'd need to provide configuration details as well but yes. The chances are there's somehting wrong going on here, but also keep in mind that UFW is not built to do Port Forwarding; that's where you'd need more advanced iptables rules which ufw will not like in its default ruleset unless you configure it as such (and usually at that point I push for people to use iptables directly instead of using UFW for port forwarding)

– Thomas Ward
Feb 12 at 2:48















I disabled UFW and I'm using iptables and firewalld. I tried forwarding UDP ports 4500, 500 and 1701. I also created rich rules to allow protocol ESP and AH but I still can't connect to the VPN. I removed SNORT to make sure that wasn't the issue.

– Émile Grenier
Feb 12 at 2:59





I disabled UFW and I'm using iptables and firewalld. I tried forwarding UDP ports 4500, 500 and 1701. I also created rich rules to allow protocol ESP and AH but I still can't connect to the VPN. I removed SNORT to make sure that wasn't the issue.

– Émile Grenier
Feb 12 at 2:59










0






active

oldest

votes












Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1117233%2fallowing-vpn-traffic-trough-ubuntu-firewall-to-connect-on-sophos-firewall%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Ask Ubuntu!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1117233%2fallowing-vpn-traffic-trough-ubuntu-firewall-to-connect-on-sophos-firewall%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Human spaceflight

Image
Human spaceflight From Wikipedia, the free encyclopedia Jump to navigation Jump to search "Space traveler" redirects here. For other uses, see Space traveler (disambiguation). @media all and (max-width:720px){.mw-parser-output .tmulti>.thumbinner{width:100%!important;max-width:none!important}.mw-parser-output .tmulti .tsingle{float:none!important;max-width:none!important;width:100%!important;text-align:center}} Apollo 11 crewmember Buzz Aldrin on the Moon, 1969 International Space Station crewmember Tracy Caldwell Dyson views the Earth, 2010 Space Shuttle Discovery heads into space with a crew aboard, STS-121 in 2006 Inside a space suit on the Canadarm, 1993 Human spaceflight (also referred to as crewed spaceflight or manned spaceflight ) is space travel with a crew or passengers aboard the spacecraft. Spacecraft carrying people may be operated directly, by human crew, or it may be e...
Read more

Can not write log (Is /dev/pts mounted?) - openpty in Ubuntu-on-Windows?

Image
0 1 What exactly does the error message beginning with E: mean? I assume it has to do with the file structure on Ubuntu-on-Windows, but what exactly? The following package was automatically installed and is no longer required: os-prober Use 'apt-get autoremove' to remove it. The following extra packages will be installed: libxslt1.1 The following NEW packages will be installed: libxslt1.1 xmlstarlet 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 435 kB of archives. After this operation, 1023 kB of additional disk space will be used. Get:1 http://archive.ubuntu.com/ubuntu/ trusty/main libxslt1.1 amd64 1.1.28-2build1 [145 kB] Get:2 http://archive.ubuntu.com/ubuntu/ trusty/universe xmlstarlet amd64 1.5.0-1 [290 kB] ...
Read more

張江高科駅

Image
張江高科駅 ちょうこうこうか Zhangjiang Hi-Tech Park 所在地 中国上海市浦東新区 所属事業者 上海地鉄運営有限公司(上海軌道交通・駅詳細) 上海浦東現代有軌交通有限公司(駅詳細) テンプレートを表示 張江高科駅 各種表記 繁体字: 張江高科站 簡体字: 张江高科站 拼音 : Zhàngjiāng Gāokē Zhàn 発音: ヂャンジャン ガオクー ヂャン 英文: Zhangjiang Hi-Tech Park Station テンプレートを表示 張江高科駅 (ちょうこうこうか-えき)は中華人民共和国上海市浦東新区に位置する、上海軌道交通2号線の駅である。 なお、張江高科駅前にある張江軌道電車の 張江地鉄駅駅 についてもここで述べる。 目次 1 利用可能な鉄道路線 2 沿革 3 駅構造 3.1 上海軌道交通 3.2 張江軌道電車 4 駅周辺 5 隣の駅 6 注釈 7 関連項目 利用可能な鉄道路線 上海軌道交通 ■ 2号線 上海浦東現代有軌交通有限公司 ■ 張江軌道電車 沿革 高架駅時代の姿 2000年12月27日 - 2号線の駅が高架駅として開業。 2010年 1月1日 - 張江軌道電車の開業に伴い、張江地鉄駅駅(停留所)を設置。 2月13日 - 駅地下化に伴い高架駅の運用停止。 2月24日 - 10日間の閉鎖を経て地下新駅の開業。 2017年2月9日 - リニューアル工事を経て再開業。乗降客の増加に対応し、ホームへのエレベーター、エスカレーターを増設、券売機エリアを拡張した [1] 。 駅構造 上海軌道交通 上海軌道交通 張江高科駅 5号口 ちょうこうこうか Zhangjiang Hi-Tech Park ◄ 竜陽路 (2.60km) (1.61km) 金科路 ► 所在地 中国上海市浦東新区松涛路 祖冲之路 (中国語版) 北緯31度12分11秒 東経121度34分50秒  /  北緯31.2...
Read more