From: Jerahmy Pocott
Date: Sun, 25 Nov 2007 06:14:32 +1100
To: Roger Olofsson
Cc: FreeBSD Questions
Subject: Re: Difficulties establishing VPN tunnel with IPNAT

Sorry, the issue is connecting TO any outside VPN, not connecting from
outside. I tested with ipf set to accept all and it still failed, so I
figured it must be ipnat.. I had no issues when using ipfw/natd.

On 25/11/2007, at 12:50 AM, Roger Olofsson wrote:

> Hello Jerahmy,
>
> Assuming you want to connect from the outside to your VPN.
>
> Have you made sure that port 2401 is open for inbound traffic in
> your ipf.rules?
>
> You might also want to do 'ipnat -C -f '. Man ipnat ;^)
>
> Greetings from Sweden
> /Roger
>
> Jerahmy Pocott wrote:
>> Hello,
>> I recently decided to give ipf and ipnat a try, previously I had
>> always been using ipfw and natd. Since switching over I can no
>> longer establish a VPN tunnel from any system behind the gateway.
>> I did 'ipf -F a' to flush all rules but I was still unable to
>> connect so I think it's a problem with ipnat? Also my redirect
>> from ipnat doesn't seem to work either.
>> These are the only ipnat rules I have:
>> (fxp1 is the external interface)
>>
>> # ipnat built in ftp proxy rules
>> map fxp1 10.0.0.0/24 -> 0/32 proxy port 21 ftp/tcp
>> map fxp1 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
>> # CVS Server on Fileserv
>> rdr fxp1 0/32 port 2401 -> 10.0.0.2 port 2401 tcp/udp
>> # nat all out going traffic on fxp1 from internal lan
>> map fxp1 10.0.0.0/24 -> 0/32
>>
>> I can post my firewall rules too if that would help, however with
>> NO rules set it still didn't work so I don't think that would
>> help.. (I'm using the klm which is default to accept?)
>> Thanks!
>> J.
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"