Date: Sat, 10 Sep 2011 10:42:53 -0300
From: Mario Lobo <lobo@bsd.com.br>
To: Daniel Hartmeier <daniel@benzedrine.cx>
Cc: freebsd-pf@freebsd.org
Subject: Re: VPN problem
Message-ID: <201109101042.53575.lobo@bsd.com.br>

On Saturday 10 September 2011 02:45:38 Daniel Hartmeier wrote:
> On Fri, Sep 09, 2011 at 04:46:15PM -0300, Mario Lobo wrote:
> More details in an old thread
> http://lists.freebsd.org/pipermail/freebsd-pf/2006-November/002834.html
>
> If this is not the problem, you'll have to provide more details, like
> tcpdump on the pf NAT box (on both external and internal interfaces)
> while trying to establish a connection, run pfctl -vvss, pfctl -si
> before and after, use 'set debug misc' and watch /var/log/messages, etc.
>

Daniel;

I put set debug misc on pf.conf.

As soon as I made my first attempt to connect, I got this:

Sep 10 10:27:16 lobos kernel: pf_map_addr: selected address 177.17.68.103
Sep 10 10:27:49 lobos last message repeated 83 times
Sep 10 10:28:59 lobos last message repeated 283 times
Sep 10 10:28:59 lobos kernel: pf: NAT proxy port allocation (1024-65535) failed
Sep 10 10:29:00 lobos kernel: pf_map_addr: selected address 177.17.68.103
Sep 10 10:29:15 lobos last message repeated 22 times
Sep 10 10:29:15 lobos kernel: pf: loose state match: TCP 174.122.209.54:110 174.122.209.54:110 10.10.10.2:20941 [lo=2747216958 high=2747223832 win=4105 modulator=0 wscale=4] [lo=2628859950 high=2628925592 win=54 mod
Sep 10 10:29:15 lobos kernel: pf: loose state match: TCP 10.10.10.2:20941 177.17.68.103:27334 174.122.209.54:110 [lo=2747216958 high=2747223832 win=4105 modulator=0 wscale=4] [lo=2628859950 high=2628925592 win=54 mo
Sep 10 10:29:15 lobos kernel: pf: loose state match: TCP 10.10.10.2:20941 177.17.68.103:27334 174.122.209.54:110 [lo=2747216958 high=2747223832 win=4105 modulator=0 wscale=4] [lo=2628859950 high=2628925592 win=54 mo
Sep 10 10:29:16 lobos kernel: pf_map_addr: selected address 177.17.68.103
Sep 10 10:29:47 lobos last message repeated 71 times
Sep 10 10:30:02 lobos last message repeated 114 times

I had

nat on $ext_if from any to any -> ($ext_if) port 1024:65535

replaced with

nat on $ext_if from any to any -> ($ext_if)

tried to connect again and got:

Sep 10 10:30:02 lobos kernel: pf: NAT proxy port allocation (50001-65535) failed
Sep 10 10:30:02 lobos kernel: pf_map_addr: selected address 177.17.68.103
Sep 10 10:30:33 lobos last message repeated 373 times
Sep 10 10:31:36 lobos last message repeated 559 times
Sep 10 10:31:36 lobos kernel: pf: loose state match: TCP 10.10.10.2:13369 177.17.68.103:51153 189.17.94.162:1723 [lo=3293828711 high=3293894229 win=65535 modulator=0] [lo=4058414752 high=4058480270 win=65535 modulat
Sep 10 10:31:36 lobos kernel: pf: loose state match: TCP 189.17.94.162:1723 189.17.94.162:1723 10.10.10.2:13369 [lo=3293828711 high=3293894229 win=65535 modulator=0] [lo=4058414752 high=4058480270 win=65535 modulato
Sep 10 10:31:36 lobos kernel: pf: loose state match: TCP 189.17.94.162:1723 189.17.94.162:1723 10.10.10.2:13369 [lo=3293828711 high=3293894229 win=65535 modulator=0] [lo=4058414752 high=4058480270 win=65535 modulato
Sep 10 10:31:37 lobos kernel: pf_map_addr: selected address 177.17.68.103
Sep 10 10:32:08 lobos last message repeated 227 times

Both attempts failed.

Can you make something out of this?

-- 
Mario Lobo
http://www.mallavoodoo.com.br
FreeBSD since 2.2.8 [not Pro-Audio.... YET!!] (99% winblows FREE)
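
Added example (not part of the original message, and not code from pf or FreeBSD): a small Python summarizer for the 'set debug misc' output quoted above. It expands syslogd's "last message repeated N times" lines and counts how many pf_map_addr selections precede each "NAT proxy port allocation ... failed" entry; the function and variable names are illustrative.

```python
import re
from collections import Counter

# Subset of the log lines quoted in the message; the "loose state match"
# line is shortened. Used here as constructed sample input.
SAMPLE = """\
Sep 10 10:27:16 lobos kernel: pf_map_addr: selected address 177.17.68.103
Sep 10 10:27:49 lobos last message repeated 83 times
Sep 10 10:28:59 lobos last message repeated 283 times
Sep 10 10:28:59 lobos kernel: pf: NAT proxy port allocation (1024-65535) failed
Sep 10 10:29:00 lobos kernel: pf_map_addr: selected address 177.17.68.103
Sep 10 10:29:15 lobos last message repeated 22 times
Sep 10 10:29:15 lobos kernel: pf: loose state match: TCP 10.10.10.2:20941 177.17.68.103:27334 174.122.209.54:110
Sep 10 10:29:16 lobos kernel: pf_map_addr: selected address 177.17.68.103
Sep 10 10:29:47 lobos last message repeated 71 times
Sep 10 10:30:02 lobos last message repeated 114 times
Sep 10 10:30:02 lobos kernel: pf: NAT proxy port allocation (50001-65535) failed
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ (.*)$")
REPEAT = re.compile(r"last message repeated (\d+) times")
MAP = re.compile(r"kernel: pf_map_addr: selected address (\S+)")
FAIL = re.compile(r"kernel: pf: NAT proxy port allocation \((\d+)-(\d+)\) failed")

def summarize(text):
    """Return (selections per address, list of port-allocation failures)."""
    selections = Counter()
    failures = []      # (timestamp, low port, high port, selections since last failure)
    since_fail = 0
    prev = None        # last real message; a syslogd repeat line refers to it
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, msg = m.groups()
        rep = REPEAT.fullmatch(msg)
        count = int(rep.group(1)) if rep else 1
        msg = prev if rep else msg   # a repeat line stands for `count` more copies of prev
        prev = msg
        if msg is None:              # repeat line with nothing before it
            continue
        sel, fail = MAP.fullmatch(msg), FAIL.fullmatch(msg)
        if sel:
            selections[sel.group(1)] += count
            since_fail += count
        elif fail:
            failures.append((stamp, int(fail.group(1)), int(fail.group(2)), since_fail))
            since_fail = 0
    return selections, failures
```

On the sample, `summarize(SAMPLE)` reports 367 address selections before the first failure and 209 before the second.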