Date: Tue, 30 Dec 1997 18:04:40 -0600
From: Jim Manley <jmanley@metronet.com>
To: "DaveF" <flynnd@bignet.net>, <freebsd-questions@freebsd.org>
Subject: Re: Passthrough for VPN via FreeBSD Firewall
Message-ID: <97123018131100.00715@darkstar.metronet.com>
In-Reply-To: <002001bfd27c$f0b90c20$0f05a8c0@pit.net>
References: <002001bfd27c$f0b90c20$0f05a8c0@pit.net>
On Fri, 09 Jun 2000, DaveF wrote:
>
> Does anyone know if you can pass VPN info through a FreeBSD firewall? I am
> trying to set up a VPN from a MS client behind a firewall to a distant VPN
> server.
>

Depends on the VPN software you are using. If it is IPSec compliant and you
are not doing NAT on the firewall, you will need to pass UDP port 500 for the
ISAKMP setup. You will also need to be able to pass IP protocol types 50 and
51. If you are using digital certificates, you'll need to pass TCP 389 (ldap).

If you are doing NAT, it may not work since the server will be trying to set
up the secure associations with the client and the firewall will be "in the
way" in the sense that it is the termination point the server sees but doesn't
have the software necessary to set up the secure tunnels.

> Can this be done. I can get the CA but when the client tries to connect to
> the VPN server, something happens?

This is usually the result when the firewall is doing NAT and the client
cannot communicate directly with the server.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
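
The pass list from the reply above (UDP 500, IP protocols 50 and 51, optional TCP 389), written out as ipfw rules for the no-NAT case. This is an added example, not part of the original message: it assumes the firewall runs ipfw, the function name `ipsec_passthrough_rules` is hypothetical, and every address is a constructed documentation value. The rules are printed for review rather than applied.

```shell
#!/bin/sh
# Added example: print (not apply) ipfw rules for IPsec passthrough without NAT.
# All addresses below are constructed documentation values.

# usage: ipsec_passthrough_rules INSIDE_NET VPN_SERVER [LDAP_SERVER] [FIRST_RULE_NO]
ipsec_passthrough_rules() {
    inside=${1:-}; server=${2:-}; ldap=${3:-}; n=${4:-2000}
    if [ -z "$inside" ] || [ -z "$server" ]; then
        echo "usage: ipsec_passthrough_rules INSIDE_NET VPN_SERVER [LDAP_SERVER] [FIRST_RULE_NO]" >&2
        return 2
    fi
    # Emit one rule and advance the rule number by 10.
    emit() { echo "ipfw add $n $*"; n=$((n + 10)); }

    # ISAKMP key negotiation: UDP port 500 on the server side.
    emit allow udp from "$inside" to "$server" 500
    emit allow udp from "$server" 500 to "$inside"
    # ESP (IP protocol 50) and AH (IP protocol 51) have no ports,
    # so they are matched by protocol and address only.
    for proto in esp ah; do
        emit allow "$proto" from "$inside" to "$server"
        emit allow "$proto" from "$server" to "$inside"
    done
    # Certificate lookups over LDAP, only when a directory server is given.
    if [ -n "$ldap" ]; then
        emit allow tcp from "$inside" to "$ldap" 389
        emit allow tcp from "$ldap" 389 to "$inside" established
    fi
}

# Constructed sample: inside network, VPN server, LDAP server.
ipsec_passthrough_rules 198.51.100.0/24 203.0.113.10 203.0.113.20
```

The rule numbers must sit below any deny rule that would otherwise match this traffic; the default start of 2000 is an arbitrary choice.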
