Date: Sun, 25 Nov 2007 06:14:32 +1100
From: Jerahmy Pocott <quakenet1@optusnet.com.au>
To: Roger Olofsson <raggen@passagen.se>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Difficulties establishing VPN tunnel with IPNAT
Message-ID: <28C36E57-D68D-4601-81B2-A7F617412793@optusnet.com.au>
In-Reply-To: <47482C2C.6010700@passagen.se>
References: <7BB1A732-4F07-499E-A183-22776FEEEE90@optusnet.com.au> <47482C2C.6010700@passagen.se>
Sorry, the issue is connecting TO any outside VPN, not connecting from outside. I tested with ipf set to accept all and it still failed, so I figured it must be ipnat.. I had no issues when using ipfw/natd.

On 25/11/2007, at 12:50 AM, Roger Olofsson wrote:

> Hello Jerahmy,
>
> Assuming you want to connect from the outside to your VPN.
>
> Have you made sure that port 2401 is open for inbound traffic in your ipf.rules?
>
> You might also want to do 'ipnat -C -f <path to ipnat.rules>'. Man ipnat ;^)
>
> Greetings from Sweden
> /Roger
>
> Jerahmy Pocott wrote:
>> Hello,
>>
>> I recently decided to give ipf and ipnat a try, previously I had always been using ipfw and natd. Since switching over I can no longer establish a VPN tunnel from any system behind the gateway.
>>
>> I did 'ipf -F a' to flush all rules but I was still unable to connect so I think it's a problem with ipnat? Also my redirect from ipnat doesn't seem to work either.
>>
>> These are the only ipnat rules I have:
>> (fxp1 is the external interface)
>>
>> # ipnat built in ftp proxy rules
>> map fxp1 10.0.0.0/24 -> 0/32 proxy port 21 ftp/tcp
>> map fxp1 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
>> # CVS Server on Fileserv
>> rdr fxp1 0/32 port 2401 -> 10.0.0.2 port 2401 tcp/udp
>> # nat all outgoing traffic on fxp1 from internal lan
>> map fxp1 10.0.0.0/24 -> 0/32
>>
>> I can post my firewall rules too if that would help, however with NO rules set it still didn't work so I don't think that would help.. (I'm using the klm which is default to accept?)
>>
>> Thanks!
>> J.
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?28C36E57-D68D-4601-81B2-A7F617412793>