Date: Wed, 08 Oct 2003 08:27:03 -0700 From: rduvall@onlinehighways.net <rduvall@onlinehighways.net> To: adam@baylessfamily.org Cc: freebsd-questions@freebsd.org Subject: Re: IPsec with racoon Message-ID: <E1A7GDR-00040Q-00@mail.ohwy.com>
next in thread | raw e-mail | index | archive | help
You don't have any firewall rules blocking it somewhere in the middle between the two endpoints, do you? Some ISP's will block all traffic except for certain types, but they don't tell you about it. We have a wireless internet provider in town that blocks ports to keep people from using certain types of internet services to save bandwidth. They are an http/email only provider in this sense. VPN will not work across this ISP, regardless of the fact that you have a real IP address with them. I disagree with ISP's doing this if people are paying full price for internet service. However, they charge a very low rate, so people get what they pay for in the end. Sincerely, Rick Duvall --- Adam Bayless <adam@baylessfamily.org> wrote: > Rick, > > Thanks for the suggestion, but it is a publicly routable address. It > actually appears to be getting all of phase 1 complete and most of phase 2 > but just never passes any traffic across the VPN tunnel itself, so I am > past the basic connectivity issues. > > Anyone else have any thoughts? > > Thanks, > > Adam > > > > > At 03:06 PM 10/7/2003, rduvall@onlinehighways.net wrote: > >Is the external IP address of your VPN device an internet routable IP > >address? > >I know that if you are on an ADSL without static IP (like Qwest or MSN > >adsl) the > >IP address that is automatically assigned via DHCP by the DSL modem is > >private > >IP space, and therefore your VPN will not work. I resorted to getting an > >Alcatel Speedtouch USB modem and plugging it into a FreeBSD box for my > >Qwest MSN > >and set my VPN to go between the 2 FreeBSD boxes. This gave my > >firewall/gateway > >a real IP address. Granted, it is dynamic and I have to change my vpn every > >time my IP address get's re-negotiated, but at least it works. I am > >trying to > >figure out a way to dynamicly change the VPN config on both ends when ppp > >comes > >up so I don't have to do it manually. > > > >Sincerely, > > > >Rick Duvall > > > >--- Adam Bayless <adam@baylessfamily.org> wrote: > > > I've followed a couple of the tutorials available on the web, including > > the > > > one in the FreeBSD manual, for setting up an IPsec tunnel between two > > > FreeBSD machines, but I am trying to connect to a netgear VPN device. I'm > > > getting past phase 1 and getting an SA but the traffic will not flow. > > > > > > Without quoting every piece of config, does anybody have any pointers on > > > what might differ between the tutorials on FreeBSD <-> FreeBSD and talking > > > to a VPN device? > > > > > > Thanks, > > > > > > Adam > > > > > > > > > > > > > > > > > > ------------------------------------------------------------ > > > Adam Bayless | vi /etc/mail/aliases > > > Fibernet System Janitor | complaints: /dev/null > > > adam@baylessfamily.org | :wq > > > baylessfamily.org/~abayless | newaliases > > > ------------------------------------------------------------ > > > > > > _______________________________________________ > > > freebsd-questions@freebsd.org mailing list > > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > > To unsubscribe, send any mail to > > "freebsd-questions-unsubscribe@freebsd.org" > > > > > > > ------------------------------------------------------------ > Adam Bayless | vi /etc/mail/aliases > Fibernet System Janitor | complaints: /dev/null > adam@baylessfamily.org | :wq > baylessfamily.org/~abayless | newaliases > ------------------------------------------------------------ > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1A7GDR-00040Q-00>