Re: Difficulties establishing VPN tunnel with IPNAT

2007-11-27 Thread Jerahmy Pocott
On 27/11/2007, at 5:49 PM, Ted Mittelstaedt wrote: -Original Message- From: Jerahmy Pocott [mailto:[EMAIL PROTECTED] Sent: Sunday, November 25, 2007 4:48 AM To: Ted Mittelstaedt Cc: FreeBSD Questions Subject: Re: Difficulties establishing VPN tunnel with IPNAT Perhaps, but I've heard

RE: Difficulties establishing VPN tunnel with IPNAT

2007-11-27 Thread Ted Mittelstaedt
-Original Message- From: Jerahmy Pocott [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 27, 2007 7:07 AM To: Ted Mittelstaedt Cc: FreeBSD Questions Subject: Re: Difficulties establishing VPN tunnel with IPNAT On 27/11/2007, at 5:49 PM, Ted Mittelstaedt wrote

RE: Difficulties establishing VPN tunnel with IPNAT

2007-11-26 Thread Ted Mittelstaedt
-Original Message- From: Jerahmy Pocott [mailto:[EMAIL PROTECTED] Sent: Sunday, November 25, 2007 4:48 AM To: Ted Mittelstaedt Cc: FreeBSD Questions Subject: Re: Difficulties establishing VPN tunnel with IPNAT Perhaps, but I've heard a lot of good things about IPF and IPNAT

RE: Difficulties establishing VPN tunnel with IPNAT

2007-11-25 Thread Ted Mittelstaedt
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Roger Olofsson Sent: Saturday, November 24, 2007 2:09 PM To: Jerahmy Pocott Cc: FreeBSD Questions Subject: Re: Difficulties establishing VPN tunnel with IPNAT Hello again Jerahmy, I would suggest

Re: Difficulties establishing VPN tunnel with IPNAT

2007-11-25 Thread Jerahmy Pocott
- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Roger Olofsson Sent: Saturday, November 24, 2007 2:09 PM To: Jerahmy Pocott Cc: FreeBSD Questions Subject: Re: Difficulties establishing VPN tunnel with IPNAT Hello again Jerahmy, I would suggest that you verify what port(s

Re: Difficulties establishing VPN tunnel with IPNAT

2007-11-25 Thread Jerahmy Pocott
The Sonic Wall client doesn't trigger ANY firewall rules, which is why I thought there must be something going wrong with the NAT. It actually establishes the tunnel okay but never gets an IP address; from my understanding this client uses some sort of DHCP over IPsec to provision the

RE: Difficulties establishing VPN tunnel with IPNAT

2007-11-25 Thread Ted Mittelstaedt
, clearly, in your case, it's WORSE. Ted -Original Message- From: Jerahmy Pocott [mailto:[EMAIL PROTECTED] Sent: Sunday, November 25, 2007 2:12 AM To: Ted Mittelstaedt Cc: Roger Olofsson; FreeBSD Questions Subject: Re: Difficulties establishing VPN tunnel with IPNAT Well the main

Re: Difficulties establishing VPN tunnel with IPNAT

2007-11-25 Thread Jerahmy Pocott
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Roger Olofsson Sent: Saturday, November 24, 2007 2:09 PM To: Jerahmy Pocott Cc: FreeBSD Questions Subject: Re: Difficulties establishing VPN tunnel with IPNAT Hello again Jerahmy, I would suggest that you verify what port

Re: Difficulties establishing VPN tunnel with IPNAT

2007-11-25 Thread Roger Olofsson
Jerahmy Pocott wrote: The Sonic Wall client doesn't trigger ANY firewall rules, which is why I thought there must be something going wrong with the NAT. It actually establishes the tunnel okay but never gets an IP address; from my understanding this client uses some sort of DHCP over IPsec to

Re: Difficulties establishing VPN tunnel with IPNAT

2007-11-25 Thread Jerahmy Pocott
On 26/11/2007, at 1:00 AM, Roger Olofsson wrote: Hello Jerahmy, (sorry for top-posting, btw). GRE is protocol 47. In your firewall rules you only allow/block protocols tcp/udp/icmp. If you want to use PPTP you will need to allow both the port and the protocol for it. I put: pass out

Re: Difficulties establishing VPN tunnel with IPNAT

2007-11-25 Thread Roger Olofsson
Jerahmy Pocott wrote: On 26/11/2007, at 1:00 AM, Roger Olofsson wrote: Hello Jerahmy, (sorry for top-posting, btw). GRE is protocol 47. In your firewall rules you only allow/block protocols tcp/udp/icmp. If you want to use PPTP you will need to allow both the port and the protocol for

Re: Difficulties establishing VPN tunnel with IPNAT

2007-11-25 Thread Jerahmy Pocott
On 26/11/2007, at 4:47 AM, Roger Olofsson wrote: Hello Jerahmy, Some progress it seems? Why not set it to allow gre from VPN server only? Ie pass in quick on fxp1 proto gre from vpn server ip to any? The way you ask your question, 'make it work without static ip or allowing all traffic',

Re: Difficulties establishing VPN tunnel with IPNAT

2007-11-25 Thread Roger Olofsson
Jerahmy Pocott wrote: On 26/11/2007, at 4:47 AM, Roger Olofsson wrote: Hello Jerahmy, Some progress it seems? Why not set it to allow gre from VPN server only? Ie pass in quick on fxp1 proto gre from vpn server ip to any? The way you ask your question, 'make it work without static ip or
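The rules the GRE subthread above converges on, written out as an added example; these are not rules posted by anyone in the thread. Assumptions: fxp1 is the external interface, 192.168.1.0/24 is the LAN behind the gateway, and 203.0.113.10 stands in for the PPTP server's address (all three are placeholders). The IPsec lines are the analogous rules for an ESP-based client; that the Sonic Wall client needs exactly these is an assumption the thread never confirms.

```conf
# /etc/ipf.rules  (added example; fxp1, 192.168.1.0/24, 203.0.113.10 are placeholders)
#
# PPTP is two flows: a TCP control connection to port 1723 and the tunnelled
# data in GRE, IP protocol 47.  Rules written for 'proto tcp', 'proto udp' or
# 'proto icmp' never match GRE, so it needs rules of its own.
pass out quick on fxp1 proto tcp from 192.168.1.0/24 to 203.0.113.10 port = 1723 flags S keep state
pass out quick on fxp1 proto gre from any to 203.0.113.10 keep state
# GRE carries no port numbers, so the inbound rule can only be narrowed by
# source address (Roger's "from vpn server ip to any").
pass in  quick on fxp1 proto gre from 203.0.113.10 to any

# IPsec-based clients (assumption: the Sonic Wall client is one): IKE on
# UDP/500, NAT-Traversal on UDP/4500, and the data channel in ESP, protocol 50.
pass out quick on fxp1 proto udp from any to any port = 500 keep state
pass out quick on fxp1 proto udp from any to any port = 4500 keep state
pass out quick on fxp1 proto esp from any to any keep state

# Everything else inbound on the external interface is dropped and logged,
# so ipmon shows exactly which protocol/port a failing client is using.
block in log quick on fxp1 all

# /etc/ipnat.rules
#
# ipnat uses the first matching map rule, so the PPTP proxy (which rewrites
# the GRE call-ID so several LAN hosts can reach the same server) must come
# before the generic rules.
map fxp1 192.168.1.0/24 -> 0/32 proxy port 1723 pptp/tcp
map fxp1 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
map fxp1 192.168.1.0/24 -> 0/32

# Reload after editing (Roger's 'ipnat -C -f', plus the ipf equivalent):
#   ipf -Fa -f /etc/ipf.rules
#   ipnat -CF -f /etc/ipnat.rules
```

Two caveats worth knowing when reading the thread: without the pptp proxy line, ipnat can still pass GRE through the catch-all map rule, but only for one internal host per server at a time, because there is no port to rewrite; and the same limitation applies to raw ESP, which is why IPsec clients behind NAT normally negotiate NAT-Traversal and carry ESP inside UDP/4500, where the ordinary portmap rule handles it.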

Difficulties establishing VPN tunnel with IPNAT

2007-11-24 Thread Jerahmy Pocott
Hello, I recently decided to give ipf and ipnat a try, previously I had always been using ipfw and natd. Since switching over I can no longer establish a VPN tunnel from any system behind the gateway. I did 'ipf -F a' to flush all rules but I was still unable to connect so I think it's a

Re: Difficulties establishing VPN tunnel with IPNAT

2007-11-24 Thread Roger Olofsson
Hello Jerahmy, Assuming you want to connect from the outside to your VPN. Have you made sure that port 2401 is open for inbound traffic in your ipf.rules? You might also want to do 'ipnat -C -f path to ipnat.rules'. Man ipnat ;^) Greeting from Sweden /Roger Jerahmy Pocott wrote: Hello,

Re: Difficulties establishing VPN tunnel with IPNAT

2007-11-24 Thread Jerahmy Pocott
Sorry, the issue is connecting TO any outside VPN, not connecting from outside. I tested with ipf set to accept all and it still failed, so I figured it must be ipnat. I had no issues when using ipfw/natd. On 25/11/2007, at 12:50 AM, Roger Olofsson wrote: Hello Jerahmy, Assuming you

Re: Difficulties establishing VPN tunnel with IPNAT

2007-11-24 Thread Jerahmy Pocott
Sorry, let me clarify. There are two issues. One is connecting to any external VPN: with no filter I can establish a connection to a PPTP VPN, but the 'Sonic Wall Global VPN Client' still fails to connect even with no filter rules. The redirect for the CVS server has an ipf rule to allow

Re: Difficulties establishing VPN tunnel with IPNAT

2007-11-24 Thread Roger Olofsson
Hello again Jerahmy, I would suggest that you verify what port(s) and protocol(s) 'Sonic Wall Global VPN Client' needs to work. I would also suggest that you look in the logfile from ipf to see what it's blocking and when. My guess is that the VPN client is using a protocol like IPSEC (IP