(Sorry Pierre, that was meant to go to the list in the first place...)

I have pf disabled on the vpnc machine. But I indeed have pf running on my
gateway (doing nat). But as I said, it does work with other machines.
Or do I really have to open anything up on the gateway?

2011/1/6 Pierre-Emmanuel Andri <p...@raveland.org>:
> On Wed, Jan 05, 2011 at 10:20:03PM +0100, Christian Kildau wrote:
>> Hi all,
>>
>> I'm having a hard time getting vpnc (0.5.3) from packages to work on 4.8.
>> I have it running on Mac OS X (and Linux also), but it just doesn't work(tm)
>> on OpenBSD.
>>
>> Everything gets set up properly (in my eyes). The tun device is created, the
>> IP Address is assigned, the routes are set. But it looks like vpnc just
>> doesn't forward anything.
>>
>> net.inet.esp.enable and net.inet.ah.enable are set to 0, as mentioned by the
>> vpnc installation script.
>>
>> # ping sipgate.de
>> PING sipgate.de (217.10.79.9): 56 data bytes
>> ping: sendto: No buffer space available
>> ping: wrote sipgate.de 64 chars, ret=-1
>>
>> Has anyone got this working on a recent OpenBSD?
>>
>>
>> IPSec gateway secureconnect.sipgate.net
>> IPSec ID secureconnect.sipgate.net
>> IPSec secret sipgate-key
>> #IPSec target network 217.10.64.0/255.255.240.0
>> IKE Authmode psk
>> Xauth username user
>> Xauth password pass
>> #NAT Traversal Mode force-natt
>> Script /etc/vpnc/vpnc-sipgate-script
>>
>> (Custom script is the default one, minus the resolv.conf handling and sets
>> 217.10.64.0/255.255.240.0 instead of default route)
>>
>> tun0: flags=51<UP,POINTOPOINT,RUNNING> mtu 1412
>>         priority: 0
>>         groups: tun
>>         status: active
>>         inet 212.9.32.144 --> 212.9.32.144 netmask 0xffffffff
>>
>> # netstat -nrf inet
>> Routing tables
>>
>> Internet:
>> Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
>> default            10.1.16.1          UGS        4       32     -     8 em0
>> 10.1.16/24         link#1             UC         2        0     -     4 em0
>> 10.1.16.1          00:50:8b:95:a4:d2  UHLc       1        5     -     4 em0
>> 10.1.16.128        00:23:df:a7:8d:9e  UHLc       1      154     -     4 em0
>> 10.1.16.222        127.0.0.1          UGHS       0        0 33160     8 lo0
>> 127/8              127.0.0.1          UGRS       0        0 33160     8 lo0
>> 127.0.0.1          127.0.0.1          UH         2        0 33160     4 lo0
>> 212.9.32.151       212.9.32.151       UH         1        0     -     4 tun0
>> 217.10.64/20       212.9.32.151       UGS        0        0     -     8 tun0
>> 224/4              127.0.0.1          URS        0        0 33160     8 lo0
>>
>
> I use it everyday at work with OpenBSD -current.
> Do you have a rule in your pf.conf to allow traffic on tunX ?
>
>
> --
> Pierre-Emmanuel Andri <pea at raveland.org>
> GPG key: 0x7AE329DC
>

--
http://www.chrisk.de/