Date: Sun, 22 May 2011 20:40:21 +1000 From: Da Rock <freebsd-pf@herveybayaustralia.com.au> To: freebsd-pf@freebsd.org Subject: pf firewall nat and IPSec Message-ID: <4DD8E815.4090209@herveybayaustralia.com.au>
I have an Android mobile I'm trying to connect using the L2TP/IPsec VPN. I now have it working well on the LAN, but the mobile network fails. I also have the L2TP part working alone. Racoon seems to be working, I have forced NAT turned on, but for some reason it won't connect, or if it does it's only for seconds.

My PF is set up with binat for the VPN system, although there are other services to that system and others on the network. My relevant rules are as follows:

    scrub max-mss 1396 no-df
    binat on $ext_if from $voip to any -> $ext_ip
    pass in $plog on $ext_if proto { udp, ah, esp, ipencap } from any to $vpn tag EXT_IPSEC keep state
    pass out $plog on $int_if proto { udp, ah, esp, ipencap } from any to $vpn tagged EXT_IPSEC keep state

What am I missing? Android logs show that phase 1 works, and then phase 2 fails because phase 1 ran out of time.

I could really use some advice from those with experience in this setup.

Cheers
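The rule set above passes "udp" to the VPN host without saying which ports it expects, and it passes native ESP, which a client behind a mobile carrier's NAT will never send: once IKE detects a NAT on the path it switches to UDP 4500 (NAT-T) and carries ESP inside UDP on that same port. The following pf.conf fragment is an added example written for this page, not the poster's configuration or anything from the FreeBSD or ipsec-tools projects. It spells out the IKE/NAT-T ports explicitly and keeps the binat and tag structure of the original post. The macro values (interface names, addresses, the $plog logging macro) are placeholders; $vpn and $voip are assumed to name the same internal host.

```pf
# Added example, not from the original message. Interface names and
# addresses are placeholders (documentation range for the public address).
ext_if = "em0"
int_if = "em1"
ext_ip = "203.0.113.10"     # public address the binat presents
vpn    = "192.168.1.20"     # internal L2TP/IPsec server ($voip in the post)
plog   = "log"

# What an L2TP/IPsec client actually sends to the server:
#   udp/500   IKE phase 1 and 2 when no NAT is on the path
#   udp/4500  IKE plus ESP-in-UDP after NAT detection (NAT-T); every
#             client behind a carrier NAT ends up here
#   esp/ah    only for clients with a public address and no NAT in between
#   udp/1701  L2TP, normally only visible inside the ESP tunnel
ipsec_ports = "{ 500, 4500 }"

scrub max-mss 1396 no-df

# Translation happens before filtering in pf, so inbound filter rules
# below match on the internal address, not $ext_ip.
binat on $ext_if from $vpn to any -> $ext_ip

# Inbound from the Internet to the VPN host.
pass in $plog on $ext_if proto udp from any to $vpn port $ipsec_ports \
    tag EXT_IPSEC keep state
pass in $plog on $ext_if proto { ah, esp } from any to $vpn \
    tag EXT_IPSEC keep state

# Forward the tagged traffic onto the LAN.
pass out $plog on $int_if tagged EXT_IPSEC keep state

# The server's own replies leave through the binat.
pass out $plog on $ext_if proto udp from $vpn to any port $ipsec_ports \
    keep state
pass out $plog on $ext_if proto { ah, esp } from $vpn to any keep state

# NAT-T traffic is long-lived UDP; pf's default udp.multiple timeout is
# 60 seconds, so an idle tunnel can lose its state between keepalives.
# Raising it is an option to check, not a guaranteed fix for the post above.
set timeout { udp.multiple 120 }
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`. On the racoon side the matching setting is `nat_traversal on;` (or `force`, as the poster describes) in the remote block of racoon.conf. Watching `tcpdump -ni em0 udp port 4500` while the phone connects shows immediately whether the client ever moves to NAT-T and whether the server's replies leave with $ext_ip as their source.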