From: Terry Lambert <tlambert2@mindspring.com>
To: Ian Cartwright
Cc: freebsd-hackers@freebsd.org
Date: Sat, 28 Sep 2002 09:48:12 -0700
Subject: Re: VPN Routing through gif (4) tunnel

Ian Cartwright wrote:
> I am trying to construct a "B2B" mode VPN tunnel between my house and my
> work using FreeBSD. My work uses Checkpoint VPN-1 and I have a FreeBSD
> firewall that is running ipfilter to do firewall/NAT duties. I have so
> far been successful in creating a tunnel between the FreeBSD box and my
> work VPN server using /usr/ports/security/racoon, gif (4), and the IPSEC
> kernel module. I am able to establish a tunnel and pass packets from my
> FreeBSD firewall to my work network. I have not been able to pass
> packets from the rest of my home network to my work over the VPN tunnel.
> The packets seem to never make it into the tunnel, and also do not pass
> out to the Internet via my firewall.

Do a tcpdump on the VPN box itself. Then attempt a connection.

If the packets are being sent to the remote end, and a response packet
is coming back, but the packet is not being forwarded, then it's likely
the same problem I've seen.

The only fix I've seen that works is to get rid of the default route on
the VPN box itself, and use point-to-point routes, instead.

-- Terry
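The triage Terry describes (capture on the VPN box, then check whether a LAN host's packet enters the tunnel, whether a reply comes back, and whether that reply is forwarded on to the LAN) can be turned into a small check over the captured lines. The script below is an added example, not code from the thread; the network ranges, interface names (gif0 for the tunnel, fxp0 for the LAN side) and the tcpdump-style lines are all constructed assumptions.

```python
import re
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.0.0/24")   # home network (assumed)
REMOTE = ipaddress.ip_network("10.1.0.0/16")   # work network behind the VPN (assumed)
TUNNEL_IF, LAN_IF = "gif0", "fxp0"             # interface names are assumptions

# Constructed tcpdump -n style lines, each tagged with the interface it was
# captured on (one tcpdump per interface on the VPN box). Not a real capture.
CAPTURE = [
    (TUNNEL_IF, "09:59:41.100 192.168.0.10 > 10.1.2.3: icmp: echo request"),
    (TUNNEL_IF, "09:59:41.150 10.1.2.3 > 192.168.0.10: icmp: echo reply"),
    # .10's reply never reappears on fxp0: the symptom Terry describes
    (TUNNEL_IF, "09:59:42.100 192.168.0.11 > 10.1.2.3: icmp: echo request"),
    (TUNNEL_IF, "09:59:42.150 10.1.2.3 > 192.168.0.11: icmp: echo reply"),
    (LAN_IF,    "09:59:42.151 10.1.2.3 > 192.168.0.11: icmp: echo reply"),
    (LAN_IF,    "09:59:43.100 192.168.0.12 > 10.1.2.3: icmp: echo request"),
    (LAN_IF,    "09:59:44.100 192.168.0.13.1234 > 10.1.2.3.22: S 1:1(0) win 65535"),
    (TUNNEL_IF, "09:59:44.101 192.168.0.13.1234 > 10.1.2.3.22: S 1:1(0) win 65535"),
]

LINE_RE = re.compile(r"^\S+\s+(\S+) > (\S+):")

def host(token):
    """Strip a trailing tcpdump port suffix: a.b.c.d.port -> a.b.c.d."""
    return ".".join(token.split(".")[:4])

def classify(capture):
    """Return {(lan_host, remote_host): status} for every LAN<->remote flow seen."""
    seen = defaultdict(set)
    for iface, line in capture:
        m = LINE_RE.match(line)
        if not m:
            continue
        src, dst = (ipaddress.ip_address(host(t)) for t in m.groups())
        if src in LAN and dst in REMOTE:
            seen[(str(src), str(dst))].add("req_" + iface)
        elif src in REMOTE and dst in LAN:
            seen[(str(dst), str(src))].add("rep_" + iface)
    result = {}
    for flow, events in seen.items():
        if "req_" + TUNNEL_IF not in events:
            result[flow] = "not entering tunnel"
        elif "rep_" + TUNNEL_IF not in events:
            result[flow] = "no reply from remote end"
        elif "rep_" + LAN_IF not in events:
            result[flow] = "reply not forwarded to LAN (check routing on VPN box)"
        else:
            result[flow] = "ok"
    return result
```

On a real box you would feed it the output of one `tcpdump -n -i gif0` and one `tcpdump -n -i fxp0` run during the connection attempt; the "reply not forwarded" verdict is the case where Terry's default-route fix applies.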