Date: Mon, 26 Nov 2007 05:59:15 +1100
From: Jerahmy Pocott <quakenet1@optusnet.com.au>
To: Roger Olofsson <raggen@passagen.se>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Difficulties establishing VPN tunnel with IPNAT
Message-ID: <F9EE8494-4DC3-4A84-8606-D8C75248A33F@optusnet.com.au>
In-Reply-To: <4749B54C.8000703@passagen.se>
References: <7BB1A732-4F07-499E-A183-22776FEEEE90@optusnet.com.au> <47482C2C.6010700@passagen.se> <894E3C92-2C45-4FC2-8C56-D4B303F0349F@optusnet.com.au> <4748A115.1010002@passagen.se> <57A2907C-0660-458C-B254-3C893B4532CB@optusnet.com.au> <47498012.9000201@passagen.se> <AADC85EE-9C53-459E-9E6E-F1A701BDC7D9@optusnet.com.au> <4749B54C.8000703@passagen.se>

On 26/11/2007, at 4:47 AM, Roger Olofsson wrote:

> Hello Jerahmy,
>
> Some progress it seems? Why not set it to allow gre from VPN server
> only? Ie pass in quick on fxp1 proto gre from <vpn server ip> to any?
>
> The way you ask your question, 'make it work without static ip or
> allowing all traffic', isn't that contradictory?
>
> As for the frag part, I'd say that if gre needs frag, then you will
> have to enable it.
>
> About the CVS, I seem to have misunderstood your question. I
> assumed 10.0.0.2 wanted to receive CVS inbound and not serve it
> outbound, or am I mistaking again?
>
> /Roger

Yes, that is what I meant by 'static ip'. I could allow all gre from the
specific ip address but I would prefer that gre traffic be allowed from a
host only when an existing connection has been opened to it..

10.0.0.2 is a CVS server.

It seems to me that natd works better with ipsec