RE: Qwest Contivity VPN Client Behind PF

2003-02-03 Thread Todd Chandler
Tried this rule but no dice.  Still get message that server is not
responding.  Any other thoughts?

TC

-----Original Message-----
From: jolan [mailto:[EMAIL PROTECTED]] 
Sent: Friday, January 31, 2003 11:52 AM
To: Todd Chandler
Cc: [EMAIL PROTECTED]
Subject: Re: Qwest Contivity VPN Client Behind PF

On Fri, Jan 31, 2003 at 08:43:06AM -0500, Todd Chandler wrote:
> When I attempt to connect from the client, it simply times out.  Any
> ideas what I'm missing?

i assume the client is behind nat.

if you're using 3.2, try this rule:

nat on $ext_if inet proto udp from any port = isakmp to any -> \
$ext_if port 500

problem is that the server is probably ignoring isakmp traffic that
doesn't have a source port of 500.

- jolan
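
Added example (not part of the thread, not code from either poster): a way to check a capture from the external interface for the condition described in the reply above, i.e. IKE packets leaving with a NAT-translated source port instead of 500 and getting no answer. The tcpdump line shape, the addresses and the name audit_ike are assumptions made for the illustration.

```python
import re

# Constructed `tcpdump -n` lines from the firewall's external interface (not from
# the thread). 192.0.2.10 = firewall external address, 198.51.100.7 = VPN server.
SAMPLE = """\
08:43:01.100000 IP 192.0.2.10.58211 > 198.51.100.7.500: isakmp: phase 1 I agg
08:43:09.100000 IP 192.0.2.10.58211 > 198.51.100.7.500: isakmp: phase 1 I agg
08:44:30.200000 IP 192.0.2.10.500 > 198.51.100.7.500: isakmp: phase 1 I agg
08:44:30.250000 IP 198.51.100.7.500 > 192.0.2.10.500: isakmp: phase 1 R agg
"""

# Assumed line shape: "<time> IP <src>.<sport> > <dst>.<dport>: ..."
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
)


def audit_ike(capture, nat_addr, ike_port=500):
    """Per outbound IKE flow: was source port 500 kept by NAT, and did the peer reply?"""
    sent = {}          # (source port after NAT, peer) -> packets sent
    answered = set()   # (port the reply was addressed to, peer)
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an IPv4 UDP/TCP line in the assumed format
        src, dst = m["src"], m["dst"]
        sport, dport = int(m["sport"]), int(m["dport"])
        if src == nat_addr and dport == ike_port:
            sent[(sport, dst)] = sent.get((sport, dst), 0) + 1
        elif dst == nat_addr and sport == ike_port:
            answered.add((dport, src))
    return [
        {
            "peer": peer,
            "source_port": sport,
            "port_preserved": sport == ike_port,
            "packets_sent": count,
            "answered": (sport, peer) in answered,
        }
        for (sport, peer), count in sent.items()
    ]


if __name__ == "__main__":
    for row in audit_ike(SAMPLE, "192.0.2.10"):
        print(row)
```

A flow with port_preserved False and answered False is the pattern to look for before and after adding the nat rule.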




Qwest Contivity VPN Client Behind PF

2003-01-31 Thread Todd Chandler

I have a user on my network that needs to use the Qwest
Contivity VPN Client to connect to a customer's network. I am
having trouble getting the PF rules set up correctly to make this happen.
Does anyone have any experience getting the Contivity client to successfully
connect through PF? Any tips would be appreciated. I currently have
the following rules in pf.conf for this particular purpose:



pass in quick on $INTIF proto esp from any to x.x.x.x keep state

pass in quick on $INTIF proto ah from any to x.x.x.x keep state

pass in quick on $INTIF proto udp from any to x.x.x.x port = 500 keep state



When I attempt to connect from the client, it simply times
out. Any ideas what I'm missing?



Thanks!



Todd Chandler








Routing port 80 and 443 packets to a proxy server

2002-12-04 Thread Todd Chandler
We are experimenting with OpenBSD and have an issue that we haven't been 
able to figure out.  We would like to force all outbound http and https 
traffic to a proxy server for content filtering before it leaves our 
network.  How do we configure PF to force all http and https traffic to 
go to the proxy server?  The proxy server and client machines are 
located on the same internal subnet.  We simply want http and https 
traffic to pass through only after it has been sent through the proxy. 
Thanks in advance!

Todd Chandler