Date: Wed, 08 Oct 2003 09:56:27 -0600
From: Adam Bayless <adam@baylessfamily.org>
To: freebsd-questions@freebsd.org
Subject: Re: IPsec with racoon
Message-ID: <6.0.0.22.0.20031008095545.02f29ed8@mail.baylessfamily.org>
In-Reply-To: <E1A7GDR-00040Q-00@mail.ohwy.com>
References: <E1A7GDR-00040Q-00@mail.ohwy.com>

Well, I am the ISP, so I can be sure there are no ports blocked...

thanks,

Adam

At 09:27 AM 10/8/2003, rduvall@onlinehighways.net wrote:
> You don't have any firewall rules blocking it somewhere in the middle between
> the two endpoints, do you? Some ISPs will block all traffic except for certain
> types, but they don't tell you about it. We have a wireless internet provider
> in town that blocks ports to keep people from using certain types of internet
> services to save bandwidth. They are an http/email only provider in this sense.
> VPN will not work across this ISP, regardless of the fact that you have a real
> IP address with them. I disagree with ISPs doing this if people are paying
> full price for internet service. However, they charge a very low rate, so
> people get what they pay for in the end.
>
> Sincerely,
>
> Rick Duvall
>
> --- Adam Bayless <adam@baylessfamily.org> wrote:
> > Rick,
> >
> > Thanks for the suggestion, but it is a publicly routable address. It
> > actually appears to be getting all of phase 1 complete and most of phase 2
> > but just never passes any traffic across the VPN tunnel itself, so I am
> > past the basic connectivity issues.
> >
> > Anyone else have any thoughts?
> >
> > Thanks,
> >
> > Adam
> >
> > At 03:06 PM 10/7/2003, rduvall@onlinehighways.net wrote:
> > > Is the external IP address of your VPN device an internet routable IP
> > > address? I know that if you are on an ADSL without static IP (like Qwest
> > > or MSN ADSL) the IP address that is automatically assigned via DHCP by
> > > the DSL modem is private IP space, and therefore your VPN will not work.
> > > I resorted to getting an Alcatel Speedtouch USB modem and plugging it
> > > into a FreeBSD box for my Qwest MSN and set my VPN to go between the 2
> > > FreeBSD boxes. This gave my firewall/gateway a real IP address. Granted,
> > > it is dynamic and I have to change my VPN every time my IP address gets
> > > re-negotiated, but at least it works. I am trying to figure out a way to
> > > dynamically change the VPN config on both ends when ppp comes up so I
> > > don't have to do it manually.
> > >
> > > Sincerely,
> > >
> > > Rick Duvall
> > >
> > > --- Adam Bayless <adam@baylessfamily.org> wrote:
> > > > I've followed a couple of the tutorials available on the web,
> > > > including the one in the FreeBSD manual, for setting up an IPsec
> > > > tunnel between two FreeBSD machines, but I am trying to connect to a
> > > > Netgear VPN device. I'm getting past phase 1 and getting an SA but
> > > > the traffic will not flow.
> > > >
> > > > Without quoting every piece of config, does anybody have any pointers
> > > > on what might differ between the tutorials on FreeBSD <-> FreeBSD and
> > > > talking to a VPN device?
> > > >
> > > > Thanks,
> > > >
> > > > Adam
> > > >
> > > > ------------------------------------------------------------
> > > > Adam Bayless                |  vi /etc/mail/aliases
> > > > Fibernet System Janitor     |  complaints: /dev/null
> > > > adam@baylessfamily.org      |  :wq
> > > > baylessfamily.org/~abayless |  newaliases
> > > > ------------------------------------------------------------
> > > >
> > > > _______________________________________________
> > > > freebsd-questions@freebsd.org mailing list
> > > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > > To unsubscribe, send any mail to
> > > > "freebsd-questions-unsubscribe@freebsd.org"
> >
> > ------------------------------------------------------------
> > Adam Bayless                |  vi /etc/mail/aliases
> > Fibernet System Janitor     |  complaints: /dev/null
> > adam@baylessfamily.org      |  :wq
> > baylessfamily.org/~abayless |  newaliases
> > ------------------------------------------------------------
> >
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe@freebsd.org"

------------------------------------------------------------
Adam Bayless                |  vi /etc/mail/aliases
Fibernet System Janitor     |  complaints: /dev/null
adam@baylessfamily.org      |  :wq
baylessfamily.org/~abayless |  newaliases
------------------------------------------------------------