From: Adam Bayless
To: freebsd-questions@freebsd.org
Date: Wed, 08 Oct 2003 09:56:27 -0600
Subject: Re: IPsec with racoon

Well, I am the ISP, so I can be sure there are no ports blocked...

thanks,

Adam

At 09:27 AM 10/8/2003, rduvall@onlinehighways.net wrote:
>You don't have any firewall rules blocking it somewhere in the middle between
>the two endpoints, do you? Some ISPs will block all traffic except for certain
>types, but they don't tell you about it. We have a wireless internet provider
>in town that blocks ports to keep people from using certain types of internet
>services to save bandwidth. They are an http/email only provider in this sense.
>VPN will not work across this ISP, regardless of the fact that you have a real
>IP address with them. I disagree with ISPs doing this if people are paying
>full price for internet service. However, they charge a very low rate, so
>people get what they pay for in the end.
>
>Sincerely,
>
>Rick Duvall
>
>--- Adam Bayless wrote:
> > Rick,
> >
> > Thanks for the suggestion, but it is a publicly routable address. It
> > actually appears to be getting all of phase 1 complete and most of phase 2
> > but just never passes any traffic across the VPN tunnel itself, so I am
> > past the basic connectivity issues.
> >
> > Anyone else have any thoughts?
> >
> > Thanks,
> >
> > Adam
> >
> > At 03:06 PM 10/7/2003, rduvall@onlinehighways.net wrote:
> > >Is the external IP address of your VPN device an internet routable IP
> > >address? I know that if you are on an ADSL without static IP (like Qwest
> > >or MSN adsl) the IP address that is automatically assigned via DHCP by the
> > >DSL modem is private IP space, and therefore your VPN will not work. I
> > >resorted to getting an Alcatel Speedtouch USB modem and plugging it into a
> > >FreeBSD box for my Qwest MSN and set my VPN to go between the 2 FreeBSD
> > >boxes. This gave my firewall/gateway a real IP address. Granted, it is
> > >dynamic and I have to change my vpn every time my IP address gets
> > >re-negotiated, but at least it works. I am trying to figure out a way to
> > >dynamically change the VPN config on both ends when ppp comes up so I
> > >don't have to do it manually.
> > >
> > >Sincerely,
> > >
> > >Rick Duvall
> > >
> > >--- Adam Bayless wrote:
> > > > I've followed a couple of the tutorials available on the web, including
> > > > the one in the FreeBSD manual, for setting up an IPsec tunnel between two
> > > > FreeBSD machines, but I am trying to connect to a Netgear VPN device. I'm
> > > > getting past phase 1 and getting an SA but the traffic will not flow.
> > > >
> > > > Without quoting every piece of config, does anybody have any pointers on
> > > > what might differ between the tutorials on FreeBSD <-> FreeBSD and talking
> > > > to a VPN device?
> > > >
> > > > Thanks,
> > > >
> > > > Adam
> > > >
> > > > ------------------------------------------------------------
> > > > Adam Bayless                | vi /etc/mail/aliases
> > > > Fibernet System Janitor     | complaints: /dev/null
> > > > adam@baylessfamily.org      | :wq
> > > > baylessfamily.org/~abayless | newaliases
> > > > ------------------------------------------------------------
> > > >
> > > > _______________________________________________
> > > > freebsd-questions@freebsd.org mailing list
> > > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > > To unsubscribe, send any mail to
> > > > "freebsd-questions-unsubscribe@freebsd.org"
> >
> > ------------------------------------------------------------
> > Adam Bayless                | vi /etc/mail/aliases
> > Fibernet System Janitor     | complaints: /dev/null
> > adam@baylessfamily.org      | :wq
> > baylessfamily.org/~abayless | newaliases
> > ------------------------------------------------------------

------------------------------------------------------------
Adam Bayless                | vi /etc/mail/aliases
Fibernet System Janitor     | complaints: /dev/null
adam@baylessfamily.org      | :wq
baylessfamily.org/~abayless | newaliases
------------------------------------------------------------