IPsec with racoon

Adam Bayless adam at baylessfamily.org
Wed Oct 8 08:56:36 PDT 2003


Well, I am the ISP, so I can be sure there are no ports blocked...


thanks,

Adam


At 09:27 AM 10/8/2003, rduvall at onlinehighways.net wrote:
>You don't have any firewall rules blocking it somewhere in the middle between
>the two endpoints, do you?  Some ISPs will block all traffic except for certain
>types, but they don't tell you about it.  We have a wireless internet provider
>in town that blocks ports to keep people from using certain types of internet
>services to save bandwidth.  They are an http/email only provider in this sense.
>VPN will not work across this ISP, regardless of the fact that you have a real
>IP address with them.  I disagree with ISPs doing this if people are paying
>full price for internet service.  However, they charge a very low rate, so
>people get what they pay for in the end.
>
>Sincerely,
>
>Rick Duvall
>
>--- Adam Bayless <adam at baylessfamily.org> wrote:
> > Rick,
> >
> > Thanks for the suggestion, but it is a publicly routable address. It
> > actually appears to be getting all of phase 1 complete and most of phase 2
> > but just never passes any traffic across the VPN tunnel itself, so I am
> > past the basic connectivity issues.
> >
> > Anyone else have any thoughts?
> >
> > Thanks,
> >
> > Adam
> >
> >
> >
> >
> > At 03:06 PM 10/7/2003, rduvall at onlinehighways.net wrote:
> > >Is the external IP address of your VPN device an internet routable IP address?
> > >I know that if you are on an ADSL without static IP (like Qwest or MSN adsl) the
> > >IP address that is automatically assigned via DHCP by the DSL modem is private
> > >IP space, and therefore your VPN will not work.  I resorted to getting an
> > >Alcatel Speedtouch USB modem and plugging it into a FreeBSD box for my Qwest MSN
> > >and set my VPN to go between the 2 FreeBSD boxes.  This gave my firewall/gateway
> > >a real IP address.  Granted, it is dynamic and I have to change my vpn every
> > >time my IP address gets re-negotiated, but at least it works.  I am trying to
> > >figure out a way to dynamically change the VPN config on both ends when ppp comes
> > >up so I don't have to do it manually.
> > >
> > >Sincerely,
> > >
> > >Rick Duvall
> > >
> > >--- Adam Bayless <adam at baylessfamily.org> wrote:
> > > > I've followed a couple of the tutorials available on the web, including the
> > > > one in the FreeBSD manual, for setting up an IPsec tunnel between two
> > > > FreeBSD machines, but I am trying to connect to a netgear VPN device. I'm
> > > > getting past phase 1 and getting an SA but the traffic will not flow.
> > > >
> > > > Without quoting every piece of config, does anybody have any pointers on
> > > > what might differ between the tutorials on FreeBSD <-> FreeBSD and talking
> > > > to a VPN device?
> > > >
> > > > Thanks,
> > > >
> > > > Adam
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > ------------------------------------------------------------
> > > > Adam Bayless                    |      vi /etc/mail/aliases
> > > > Fibernet System Janitor         |      complaints: /dev/null
> > > > adam at baylessfamily.org          |      :wq
> > > > baylessfamily.org/~abayless     |      newaliases
> > > > ------------------------------------------------------------
> > > >
> > > > _______________________________________________
> > > > freebsd-questions at freebsd.org mailing list
> > > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > > To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
> > > >
> >
> >
> >



------------------------------------------------------------
Adam Bayless                    |      vi /etc/mail/aliases
Fibernet System Janitor         |      complaints: /dev/null
adam at baylessfamily.org          |      :wq
baylessfamily.org/~abayless     |      newaliases
------------------------------------------------------------ 


