Hi,

I have set up a little LT2P/IPSEC VPN server on a little Kirkwood device (wheezy/linux3.5)

I want to use it to securely use public wifi with my ipad .. so traffic goes from the ipad through the wifi hotspot to my wifi cable router to my wifi interface (wlan0) of the Kirkwood and does the iptables/VPN server stuff out to the net back in to the VPN server and back to the ipad via my cable router and the public hotspot ... ive tested it and it seems to work ok - all seems encrypted

(my router port fwds to the Kirkwood 1701(TCP)/4500(UDP)/500(UDP)

I just need to apply some rules to lock it down a bit (iptables) and get the customary LED flashing when there is network traffic :-)

could anyone suggest a simple set of rules for iptables to suit ?...

and also how do I go about getting the LED to flash on and off with the network traffic (presumably this is an iptables rule as well ?) .. the following switches the LED on and off

LED ON
echo 255 > /sys/class/leds/power_red_led/brightness

LED OFF
echo 0 > /sys/class/leds/power_red_led/brightness



thanks for your help .. rgds

ian

sorted out the flashing LED's on traffic ... just need to make sure you have the LED's and netfilter's LED module compiled in to the kernel (which fortunately I selected in one of my many iterations to get a working VPN kernel)

then for example to flash on SSH traffic

iptables -A INPUT -p tcp --dport 22 -j LED --led-trigger-id ssh --led-delay 1000
echo netfilter-ssh > /sys/class/leds/power_red_led/trigger

and for me to show traffic on input/fwd/output interfaces :

eg flash blue on any network traffic on input/fwd/output sides


iptables -A INPUT -p all -j LED --led-trigger-id intraf --led-delay 100
echo netfilter-intraf > /sys/class/leds/usb_2_led/trigger

iptables -A FORWARD -p all -j LED --led-trigger-id fwdtraf --led-delay 100
echo netfilter-fwdtraf > /sys/class/leds/usb_3_led/trigger

iptables -A OUTPUT -p all -j LED --led-trigger-id outtraf --led-delay 100
echo netfilter-outtraf > /sys/class/leds/usb_4_led/trigger


just need to alter the IP tables rule for all traffic etc and select an appropriate LED :-)
(you need to make sure you save the IPtables rules you add and also run the echo command on boot eg by adding to /etc/rc.local?)



Edited 2 time(s). Last edit at 03/17/2013 07:58PM by hyena.

Hi Ian-

would you mind listing the steps you used to implement L2TP/IPSEC? I tried this a couple of years ago, and was never able to get something to work with my iPhone/iPad, but I have been using PPTPD with no issues for a while. Now that i'm running Wheezy on my Dockstar, I think I'm ready to try this again.

Thanks,
Chris