I'm trying to allow passthrough VPN connection to my Windows 2008 server behind OpenWRT.
Right now, I have the following in my firewall.user, but it doesn't work:
/etc/firewall.user
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
iptables -A forwarding_wan -p esp -j ACCEPT
iptables -A forwarding_wan -p ah -j ACCEPT
iptables -A forwarding_wan -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A forwarding_wan -p udp --sport 4500 --dport 4500 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 500 -j DNAT --to 192.168.1.222
iptables -t nat -A prerouting_wan -p udp --dport 4500 -j DNAT --to 192.168.1.222
iptables -t nat -A postrouting_rule -p esp -j ACCEPT
iptables -t nat -A postrouting_rule -p ah -j ACCEPT
Is it even possible to run IPSec VPN server behind NAT with OpenWRT? If so, what am I missing.
Thanks.