"Dave Beckstrom" <[EMAIL PROTECTED]> writes:

> I have an OpenBSD 3.3 transparently bridged packet filtering firewall. I
> would like to enable a VPN connection through the firewall into a Win2K3
> server that sits behind the firewall.

"VPN" could be a lot of things, but this sounds very much like the Microsoft PPTP variety, and to cut to the chase, it's one of those protocols that's hard to do right. There is work going on now that might solve this soon (as in patches on tech@, may turn up in snapshots soonish), but the only more or less working solution right now is the frickin pptp proxy, at frickin.sourceforge.net. Not much loved by OpenBSD developers, but it's there.

Not really wanting to nag, but you may want to look into upgrading to a more recent OpenBSD; hardly any recent software will even be tested on 3.3 these days.

For the protocols and ports, it's almost always better (as in makes your rule set more readable and maintainable) to grep for the numbers in the /etc/protocols and /etc/services files respectively. More likely than not you can put what you find in your pf.conf -

> I am finding conflicting information on what ports/protocol to open up.
> Microsoft is saying protocol ID 47 and TCP port 1723 both inbound and
> outbound. If that's true, then something like the following should work:

that would be "proto gre" and "port pptp" respectively

> To complicate matters, I've found other references to protocols 50 & 51 and
> port 500.

those would be "proto esp", "proto ah" and "port isakmp". And yes, you may need to go through contortions with others. I would recommend looking into other VPNs than the builtin Microsoft one, almost all other options are easier to deal with.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
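An added example, not part of the thread above and not Peter's or the OpenBSD project's code: a small script that does the lookup the reply recommends, turning the numeric protocol and port values quoted from Microsoft (47, tcp/1723, and the 50/51/udp 500 IPsec set) into pf rules that use the symbolic names from /etc/protocols and /etc/services. The two file excerpts are constructed inline in the real file format so the script runs offline; on a live box you would read the actual files. The interface and host macros ($ext_if, $vpn_srv) and the in/out rule shape are assumptions for illustration, and the explicit "keep state" is there because 3.3-era pf was not stateful by default.

```python
"""Generate pf rules with symbolic names instead of raw protocol/port numbers.

Added example for the PPTP-through-pf thread. Lookup tables below are
constructed excerpts in the same format as OpenBSD's /etc/protocols and
/etc/services; replace them with open("/etc/protocols").read() etc. for
real use. $ext_if / $vpn_srv are hypothetical pf.conf macros.
"""
from typing import Dict, Iterable, List, Tuple

# Constructed excerpt of /etc/protocols: name  number  alias  # comment
PROTOCOLS_TEXT = """\
# Internet (IP) protocols
ip       0 IP          # internet protocol, pseudo protocol number
icmp     1 ICMP        # internet control message protocol
tcp      6 TCP         # transmission control protocol
udp     17 UDP         # user datagram protocol
gre     47 GRE         # General Routing Encapsulation
esp     50 IPSEC-ESP   # Encap Security Payload
ah      51 IPSEC-AH    # Authentication Header
"""

# Constructed excerpt of /etc/services: name  port/transport  # comment
SERVICES_TEXT = """\
isakmp       500/tcp
isakmp       500/udp
pptp        1723/tcp   # Point-to-Point Tunneling Protocol
pptp        1723/udp
ipsec-nat-t 4500/udp   # IPsec NAT-Traversal
"""


def _fields(line: str) -> List[str]:
    """Strip a trailing '# comment' and split the remaining columns."""
    return line.split("#", 1)[0].split()


def parse_protocols(text: str) -> Dict[int, str]:
    """Map IP protocol number -> canonical name (first column wins)."""
    table: Dict[int, str] = {}
    for line in text.splitlines():
        fields = _fields(line)
        if len(fields) >= 2:
            table.setdefault(int(fields[1]), fields[0])
    return table


def parse_services(text: str) -> Dict[Tuple[int, str], str]:
    """Map (port, transport) -> canonical service name."""
    table: Dict[Tuple[int, str], str] = {}
    for line in text.splitlines():
        fields = _fields(line)
        if len(fields) >= 2 and "/" in fields[1]:
            port, transport = fields[1].split("/", 1)
            table.setdefault((int(port), transport), fields[0])
    return table


def pf_rules(protocols: Iterable[int], tcp_ports: Iterable[int] = (),
             udp_ports: Iterable[int] = (), ext_if: str = "$ext_if",
             srv: str = "$vpn_srv") -> List[str]:
    """Emit pass rules for the given numeric specs using symbolic names.

    "in" covers a remote client dialling the server behind the firewall,
    "out" covers the server dialling a remote peer; the destination side
    carries the service port in both cases. Unknown numbers raise KeyError
    rather than silently emitting a numeric rule.
    """
    proto_names = parse_protocols(PROTOCOLS_TEXT)
    svc_names = parse_services(SERVICES_TEXT)
    rules: List[str] = []

    for num in protocols:  # e.g. 47 -> gre, 50 -> esp, 51 -> ah
        if num not in proto_names:
            raise KeyError(f"protocol {num} not in /etc/protocols; grep it first")
        name = proto_names[num]
        rules.append(f"pass in on {ext_if} proto {name} from any to {srv} keep state")
        rules.append(f"pass out on {ext_if} proto {name} from {srv} to any keep state")

    for transport, ports in (("tcp", tcp_ports), ("udp", udp_ports)):
        for port in ports:  # e.g. tcp 1723 -> pptp, udp 500 -> isakmp
            name = svc_names.get((port, transport))
            if name is None:
                raise KeyError(f"{port}/{transport} not in /etc/services; grep it first")
            flags = " flags S/SA" if transport == "tcp" else ""
            rules.append(f"pass in on {ext_if} proto {transport} from any "
                         f"to {srv} port {name}{flags} keep state")
            rules.append(f"pass out on {ext_if} proto {transport} from {srv} "
                         f"to any port {name}{flags} keep state")
    return rules


if __name__ == "__main__":
    print("# PPTP (Microsoft's numbers: proto 47, tcp 1723)")
    print("\n".join(pf_rules([47], tcp_ports=[1723])))
    print("# IPsec (the other references: proto 50, 51, udp 500)")
    print("\n".join(pf_rules([50, 51], udp_ports=[500])))
```

Running it prints the two rule sets with "proto gre"/"port pptp" and "proto esp"/"proto ah"/"port isakmp" respectively; the point is that a later reader of pf.conf sees the names rather than having to remember what 47 or 500 meant. Passing GRE is still only half the PPTP problem, which is why the reply points at the proxy.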