From owner-freebsd-questions Sun Jun 11 16:17:46 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from sparenix.metronet.com (sparenix.metronet.com [207.170.106.3]) by hub.freebsd.org (Postfix) with SMTP id 19D8937B6A7 for ; Sun, 11 Jun 2000 16:17:43 -0700 (PDT) (envelope-from jmanley@metronet.com)
Received: (qmail 15693 invoked by uid 7770); 12 Jun 2000 00:42:46 -0000
Received: from fcn105-111.tmi.net (HELO darkstar.metronet.com) (207.170.105.111) by sparenix.metronet.com with SMTP; 12 Jun 2000 00:42:46 -0000
From: Jim Manley
Reply-To: jmanley@metronet.com
To: "DaveF" ,
Subject: Re: Passthrough for VPN via FreeBSD Firewall
Date: Tue, 30 Dec 1997 18:04:40 -0600
X-Mailer: KMail [version 1.0.28]
Content-Type: text/plain
References: <002001bfd27c$f0b90c20$0f05a8c0@pit.net>
In-Reply-To: <002001bfd27c$f0b90c20$0f05a8c0@pit.net>
MIME-Version: 1.0
Message-Id: <97123018131100.00715@darkstar.metronet.com>
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, 09 Jun 2000, DaveF wrote:
>
> Does anyone know if you can pass VPN info through a FreeBSD firewall? I am
> trying to set up a VPN from a MS client behind a firewall to a distant VPN
> server.
>

Depends on the VPN software you are using. If it is IPSec compliant and you
are not doing NAT on the firewall, you will need to pass UDP port 500 for the
ISAKMP setup. You will also need to be able to pass IP protocol types 50 and
51. If you are using digital certificates, you'll need to pass TCP 389 (ldap).

If you are doing NAT, it may not work since the server will be trying to set up
the secure associations with the client and the firewall will be "in the way"
in the sense that it is the termination point the server sees but doesn't have
the software necessary to set up the secure tunnels.

> Can this be done? I can get the CA but when the client tries to connect to
> the VPN server, something happens?

This is usually the result when the firewall is doing NAT and the client cannot
communicate directly with the server.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
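The reply above lists what a non-NAT FreeBSD firewall has to let through for an IPsec client behind it: UDP 500 for ISAKMP, IP protocols 50 (ESP) and 51 (AH), and TCP 389 for LDAP when certificates are involved. The script below is an added example, not code from the thread or from the FreeBSD project, that writes those rules in ipfw(8) syntax for one inside client and one remote VPN server, and adds a small check for the NAT caveat the reply raises. The interface name `fxp0`, the client address `192.168.5.15` and the server address `203.0.113.10` are constructed placeholders; the `ipfw` keywords used (`allow`, `via`, `established`, `divert`) are the long-standing ones, but confirm them against the ipfw(8) manual for your release before loading.

```shell
#!/bin/sh
# Added example: ipfw rules for IPsec pass-through on a FreeBSD firewall that
# is NOT doing NAT. Not part of the original mailing-list thread.
# Assumed placeholders; override via the environment.
EXT_IF="${EXT_IF:-fxp0}"                   # external interface (assumed)
CLIENT="${CLIENT:-192.168.5.15}"           # inside MS client (constructed)
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"   # remote VPN server (constructed)

# Emit the rule bodies (without the leading "ipfw add") so they can be
# reviewed, tested, or fed to ipfw later. Args: client server interface.
ipsec_passthru_rules() {
    client="$1"; server="$2"; ifc="$3"
    # ISAKMP/IKE: UDP port 500, source and destination, both directions.
    echo "add allow udp from $client 500 to $server 500 via $ifc"
    echo "add allow udp from $server 500 to $client 500 via $ifc"
    # ESP (protocol 50) and AH (protocol 51) carry the tunnel itself. They
    # are not TCP or UDP, so a "udp"/"tcp" rule never matches them.
    echo "add allow esp from $client to $server via $ifc"
    echo "add allow esp from $server to $client via $ifc"
    echo "add allow ah from $client to $server via $ifc"
    echo "add allow ah from $server to $client via $ifc"
    # Certificate-based setups fetch certificates/CRLs over LDAP, TCP 389.
    # Replies are only allowed on an already-established connection.
    echo "add allow tcp from $client to $server 389 via $ifc"
    echo "add allow tcp from $server 389 to $client via $ifc established"
}

# The reply's NAT caveat: if traffic on the external interface is already
# diverted to natd, the VPN server sees the firewall, not the client, as the
# IPsec peer, and the rules above will not help. Args: text of "ipfw list"
# (constructed in the test), interface. Returns 0 when a divert rule is found.
nat_diverts_traffic() {
    printf '%s\n' "$1" | grep -q "divert .*via $2"
}

# Load the rules. Refuses to proceed when ipfw is absent or NAT is in use.
apply_rules() {
    command -v ipfw >/dev/null 2>&1 || { echo "ipfw not found" >&2; return 1; }
    if nat_diverts_traffic "$(ipfw list)" "$EXT_IF"; then
        echo "NAT (divert) is active on $EXT_IF; IPsec pass-through will not work" >&2
        return 1
    fi
    ipsec_passthru_rules "$CLIENT" "$VPN_SERVER" "$EXT_IF" | sed 's/^/ipfw -q /' | sh
}

# Default action is to print the rules; pass "apply" to load them.
if [ "${1:-}" = apply ]; then
    apply_rules
else
    ipsec_passthru_rules "$CLIENT" "$VPN_SERVER" "$EXT_IF"
fi
```

Run it with no arguments to review the generated rules, then `sh script.sh apply` as root to load them. The rules are added at the end of the ruleset, so place them before any final deny rule or give them explicit rule numbers if your ruleset ends with a catch-all `deny ip from any to any`.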