Date:      Sun, 25 Nov 2007 20:24:52 +0100
From:      Roger Olofsson <raggen@passagen.se>
To:        Jerahmy Pocott <quakenet1@optusnet.com.au>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Difficulties establishing VPN tunnel with IPNAT
Message-ID:  <4749CC04.40306@passagen.se>
In-Reply-To: <F9EE8494-4DC3-4A84-8606-D8C75248A33F@optusnet.com.au>
References:  <7BB1A732-4F07-499E-A183-22776FEEEE90@optusnet.com.au>	<47482C2C.6010700@passagen.se>	<894E3C92-2C45-4FC2-8C56-D4B303F0349F@optusnet.com.au>	<4748A115.1010002@passagen.se>	<57A2907C-0660-458C-B254-3C893B4532CB@optusnet.com.au>	<47498012.9000201@passagen.se>	<AADC85EE-9C53-459E-9E6E-F1A701BDC7D9@optusnet.com.au>	<4749B54C.8000703@passagen.se> <F9EE8494-4DC3-4A84-8606-D8C75248A33F@optusnet.com.au>



Jerahmy Pocott wrote:
> 
> On 26/11/2007, at 4:47 AM, Roger Olofsson wrote:
>> Hello Jerahmy,
>>
>> Some progress it seems? Why not set it to allow gre from the VPN server 
>> only? I.e. pass in quick on fxp1 proto gre from <vpn server ip> to any?
>>
>> The way you ask your question, 'make it work without static ip or 
>> allowing all traffic', isn't that contradictory?
>>
>> As for the frag part, I'd say that if gre needs frag, then you will 
>> have to enable it.
>>
>> About the CVS, I seem to have misunderstood your question. I assumed 
>> 10.0.0.2 wanted to receive CVS inbound and not serve it outbound, or 
>> am I mistaken again?
>>
>> /Roger
> 
> Yes, that is what I meant by 'static ip'. I could allow all gre from the 
> specific ip address, but I would prefer that gre traffic be allowed from a 
> host only when an existing connection has been opened to it.
> 
> 10.0.0.2 is a CVS server.
> 
> It seems to me that natd works better with ipsec
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "freebsd-questions-unsubscribe@freebsd.org"
> 
> 

Hello again Jerahmy,

It would seem that there is a PPTP proxy in ipf that you might want to 
try as well. The syntax would be:

map fxp1 10.0.0.0/0 -> 0/32 proxy port 1723 pptp/tcp

Good luck!

/Roger
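As an added example that is not part of the thread: a small parser for ipnat `map` rules of the form quoted above, run over a constructed ipnat.conf, which also flags the `/0` source mask (it matches every source address, not only the LAN). The helper names and the sample configuration are assumptions made here.

```python
import ipaddress
import re

# Constructed sample ipnat.conf (not from the original mail). The first map
# line is the PPTP proxy rule quoted in the thread; the others are for contrast.
SAMPLE_IPNAT_CONF = """\
# PPTP proxy rule as written in the thread
map fxp1 10.0.0.0/0 -> 0/32 proxy port 1723 pptp/tcp
# same rule restricted to the LAN behind the firewall (hypothetical /24)
map fxp1 10.0.0.0/24 -> 0/32 proxy port 1723 pptp/tcp
# plain translation without the proxy
map fxp1 10.0.0.0/24 -> 0/32
"""

# Subset of the ipnat map grammar:
#   map <if> <src>/<len> -> <dst>/<len> [proxy port <port> <name>/<proto>]
MAP_RE = re.compile(
    r"^map\s+(?P<ifname>\S+)\s+(?P<src>\S+)\s*->\s*(?P<dst>\S+)"
    r"(?:\s+proxy\s+port\s+(?P<port>\d+)\s+(?P<proxy>\w+)/(?P<proto>\w+))?$"
)

def parse_map_rule(line):
    """Return the fields of one ipnat 'map' rule, or None for any other line."""
    m = MAP_RE.match(line.strip())
    if not m:
        return None
    # strict=False so host bits in the source (as in 10.0.0.0/0) do not raise
    src = ipaddress.ip_network(m.group("src"), strict=False)
    return {
        "ifname": m.group("ifname"),
        "src": src,
        # "0/32" is ipnat shorthand for "the address of the interface"
        "dst": "interface" if m.group("dst").startswith("0/") else m.group("dst"),
        "proxy": m.group("proxy"),
        "port": int(m.group("port")) if m.group("port") else None,
        "proto": m.group("proto"),
    }

def lint_ipnat(text):
    """Parse every map rule and attach the findings a reviewer would raise."""
    results = []
    for line in text.splitlines():
        rule = parse_map_rule(line)
        if rule is None:
            continue
        findings = []
        if rule["src"].prefixlen == 0:
            findings.append("source /0 matches every address, not only the LAN")
        if rule["proxy"] is None:
            findings.append("no proxy: pptp call tracking for GRE is not applied")
        rule["findings"] = findings
        results.append(rule)
    return results

if __name__ == "__main__":
    for r in lint_ipnat(SAMPLE_IPNAT_CONF):
        print(r["ifname"], r["src"], r["proxy"], r["findings"])
```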
