IPsec with racoon

rduvall at onlinehighways.net
Wed Oct 8 08:27:10 PDT 2003


You don't have any firewall rules blocking it somewhere in the middle between
the two endpoints, do you?  Some ISPs will block all traffic except for certain
types, but they don't tell you about it.  We have a wireless internet provider
in town that blocks ports to keep people from using certain types of internet
services to save bandwidth.  They are an http/email only provider in this sense.
VPN will not work across this ISP, regardless of the fact that you have a real
IP address with them.  I disagree with ISPs doing this if people are paying
full price for internet service.  However, they charge a very low rate, so
people get what they pay for in the end.

Sincerely,

Rick Duvall

--- Adam Bayless <adam at baylessfamily.org> wrote:
> Rick,
> 
> Thanks for the suggestion, but it is a publicly routable address. It 
> actually appears to be getting all of phase 1 complete and most of phase 2 
> but just never passes any traffic across the VPN tunnel itself, so I am 
> past the basic connectivity issues.
> 
> Anyone else have any thoughts?
> 
> Thanks,
> 
> Adam
> 
> 
> 
> 
> At 03:06 PM 10/7/2003, rduvall at onlinehighways.net wrote:
> >Is the external IP address of your VPN device an internet routable IP
> >address?  I know that if you are on an ADSL without static IP (like Qwest
> >or MSN adsl) the IP address that is automatically assigned via DHCP by the
> >DSL modem is private IP space, and therefore your VPN will not work.  I
> >resorted to getting an Alcatel Speedtouch USB modem and plugging it into a
> >FreeBSD box for my Qwest MSN and set my VPN to go between the 2 FreeBSD
> >boxes.  This gave my firewall/gateway a real IP address.  Granted, it is
> >dynamic and I have to change my vpn every time my IP address gets
> >re-negotiated, but at least it works.  I am trying to figure out a way to
> >dynamically change the VPN config on both ends when ppp comes up so I don't
> >have to do it manually.
> >
> >Sincerely,
> >
> >Rick Duvall
> >
> >--- Adam Bayless <adam at baylessfamily.org> wrote:
> > > I've followed a couple of the tutorials available on the web, including
> > > the one in the FreeBSD manual, for setting up an IPsec tunnel between two
> > > FreeBSD machines, but I am trying to connect to a netgear VPN device. I'm
> > > getting past phase 1 and getting an SA but the traffic will not flow.
> > >
> > > Without quoting every piece of config, does anybody have any pointers on
> > > what might differ between the tutorials on FreeBSD <-> FreeBSD and
> > > talking to a VPN device?
> > >
> > > Thanks,
> > >
> > > Adam
> > >
> > >
> > >
> > >
> > >
> > > ------------------------------------------------------------
> > > Adam Bayless                    |      vi /etc/mail/aliases
> > > Fibernet System Janitor         |      complaints: /dev/null
> > > adam at baylessfamily.org          |      :wq
> > > baylessfamily.org/~abayless     |      newaliases
> > > ------------------------------------------------------------
> > >
> > > _______________________________________________
> > > freebsd-questions at freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
> > >
> 
> 
