lobo at bsd.com.br
Sun Sep 11 14:18:12 UTC 2011
On Sunday 11 September 2011 01:57:32 you wrote:
> Why do you have a tun0 interface on the NAT box? That's a virtual tunnel
> interface, not a physical interface.
Because the tun0 interface IS my ext_if. My ISP modem is in bridge mode and
FBSD box gets the public IP via pppoe.
> I thought the client (!= the NAT box) is the VPN endpoint. Not all
> encapsulation is done there, the NAT box is somehow involved in this?
My home GW is my NAT box, and it is involved. It wasn't supposed to interfere
but it is.
1) Here is the map:
My home workstation (FBSD amd64)
My home GW (FBSD i386 NATting to a public IP on ppp/tun0)
ISP ADSL modem in bridge mode
My work GW (FBSD amd64 w/MPD VPN server)
My work LAN
2) What I am attempting that's not working (but used to work!)
Establish a VPN from My home workstation TO My work GW
3) What works every single time
Establishing a VPN from My home GW AS A CLIENT to My work GW, using an exact
copy of mpd.conf from My home workstation.
The fact that I can do it flawlessly from the GW itself but NOT from the My
home LAN (or My work LAN for that matter), in my lame opinion, points straight
4) Points of notice
- My home GW is NOT a VPN server waiting for connections.
- 2) MAY work in 1 out of 10 attempts. I don't know how to better explain this
but it is as if I have to hit "a lucky timing spot". Sometimes, if I have
an open ssh session from My home workstation to My work GW, that "seems
to help" establish the VPN connection, but again, sometimes it doesn't.
- People on My work LAN are having the same kind of problem I'm having, to
establish VPN tunnels to outside sites. The common point is that we're all
behind FBSD gateways with pf.
The condition that "sometimes it works, sometimes it doesn't" made me find
I don't know if it applies to my case but after days searching, it was the
closest thing I could find.
FreeBSD since 2.2.8 [not Pro-Audio.... YET!!] (99% winblows FREE)