Date: Sun, 11 Sep 2011 16:27:14 +0100
From: "Torsten Kersandt" <torsten@cnc-london.net>
Cc: <freebsd-pf@freebsd.org>
Subject: RE: VPN problem
Message-ID: <000f01cc7097$490022a0$db0067e0$@net>
In-Reply-To: <201109111117.38461.lobo@bsd.com.br>
References: <201109101042.53575.lobo@bsd.com.br> <201109101917.30117.lobo@bsd.com.br> <20110911045732.GC29437@insomnia.benzedrine.cx> <201109111117.38461.lobo@bsd.com.br>
> Why do you have a tun0 interface on the NAT box? That's a virtual tunnel
> interface, not a physical interface.

Because the tun0 interface IS my ext_if. My ISP modem is in bridge mode and the FBSD box gets the public IP via pppoe.

> I thought the client (!= the NAT box) is the VPN endpoint. Not all
> encapsulation is done there, the NAT box is somehow involved in this?
>
> Daniel

My home GW is my NAT box, and it is involved. It wasn't supposed to interfere but it is.

1) Here is the map:

My home workstation (FBSD amd64)
|
V
My home GW (FBSD i386 NATting to a public IP on ppp/tun0)
|
V
ISP ADSL modem in bridge mode
|
V
INTERNET
|
V
My work GW (FBSD amd64 w/MPD VPN server)
|
V
My work LAN

2) What I am attempting that's not working (but used to work!)

Establish a VPN from My home workstation TO My work GW

3) What works every single time

Establishing a VPN from My home GW AS A CLIENT to My work GW, using an exact copy of mpd.conf from My home workstation.

The fact that I can do it flawlessly from the GW itself but NOT from the My home LAN (or My work LAN for that matter), in my lame opinion, points straight at NAT.

4) Points of notice

- My home GW is NOT a VPN server waiting for connections.

- 2) MAY work in 1 out of 10 attempts. I don't know how to better explain this but it is as if I have to hit "a lucky timing spot". Sometimes, if I have an open ssh session from My home workstation to My work GW, that "seems to help" establish the VPN connection, but again, sometimes it doesn't "help" at all.

- People on My work LAN are having the same kind of problem I'm having, to establish VPN tunnels to outside sites. The common point is that we're all behind FBSD gateways with pf.

The condition that "sometimes it works, sometimes it doesn't" made me find this:

http://readlist.com/lists/openbsd.org/misc/12/63348.html

I don't know if it applies to my case but after days searching, it was the closest thing I could find.

Thanks again.
--
Mario Lobo
http://www.mallavoodoo.com.br
FreeBSD since 2.2.8 [not Pro-Audio.... YET!!]
(99% winblows FREE)

Hi Mario

Would it not be much easier to use VPN over SSL, as with OpenVPN? VPN as such has too many protocol dependencies.

Having a VPN server for the standard Windows user to dial in and use local resources is fine, but for bridging two networks OpenVPN is much easier and more reliable for me here, and in full use.

Regards
Torsten