From: Roger Olofsson
Date: Sun, 25 Nov 2007 20:24:52 +0100
To: Jerahmy Pocott
Cc: FreeBSD Questions
Subject: Re: Difficulties establishing VPN tunnel with IPNAT

Jerahmy Pocott wrote:
>
> On 26/11/2007, at 4:47 AM, Roger Olofsson wrote:
>> Hello Jerahmy,
>>
>> Some progress it seems? Why not set it to allow gre from VPN server
>> only? I.e. pass in quick on fxp1 proto gre from to any?
>>
>> The way you ask your question, 'make it work without static ip or
>> allowing all traffic', isn't that contradictory?
>>
>> As for the frag part, I'd say that if gre needs frag, then you will
>> have to enable it.
>>
>> About the CVS, I seem to have misunderstood your question. I assumed
>> 10.0.0.2 wanted to receive CVS inbound and not serve it outbound, or
>> am I mistaking again?
>>
>> /Roger
>
> Yes, that is what I meant by 'static ip' I could allow all gre from the
> specific ip address but I would prefer that gre traffic be allowed from
> a host only when an existing connection has been opened to it..
>
> 10.0.0.2 is a CVS server.
>
> It seems to me that natd works better with ipsec
>

Hello again Jerahmy,

It would seem that there is a PPTP proxy in ipf that you might want to
try as well.

The syntax would be:

    map fxp1 10.0.0.0/0 -> 0/32 proxy port 1723 pptp/tcp

Good luck!

/Roger