Difficulties establishing VPN tunnel with IPNAT
quakenet1 at optusnet.com.au
Sat Nov 24 11:14:36 PST 2007
Sorry, the issue is connecting TO any out side VPN, not connecting from
I tested with ipf set to accept all and it still failed, so I figured
it must be ipnat..
I had no issues when using ipfw/natd.
On 25/11/2007, at 12:50 AM, Roger Olofsson wrote:
> Hello Jerahmy,
> Assuming you want to connect from the outside to your VPN.
> Have you made sure that port 2401 is open for inbound traffic in
> your ipf.rules?
> You might also want to do 'ipnat -C -f <path to ipnat.rules>'. Man
> ipnat ;^)
> Greeting from Sweden
> Jerahmy Pocott skrev:
>> I recently decided to give ipf and ipnat a try, previously I had
>> always been using
>> ipfw and natd. Since switching over I can no longer establish a
>> VPN tunnel from
>> any system behind the gateway.
>> I did 'ipf -F a' to flush all rules but I was still unable to
>> connect so I think it's a problem
>> with ipnat? Also my redirect from ipnat doesn't seem to work either.
>> These are the only ipnat rules I have:
>> (fxp1 is the external interface)
>> # ipnat built in ftp proxy rules
>> map fxp1 10.0.0.0/24 -> 0/32 proxy port 21 ftp/tcp
>> map fxp1 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
>> # CVS Server on Fileserv
>> rdr fxp1 0/32 port 2401 -> 10.0.0.2 port 2401 tcp/udp
>> # nat all out going traffic on fxp1 from internal lan
>> map fxp1 10.0.0.0/24 -> 0/32
>> I can post my firewall rules too if that would help, however with
>> NO rules set it
>> still didn't work so I don't think that would help.. (I'm using
>> the klm which is default
>> to accept?)
>> freebsd-questions at freebsd.org mailing list
>> To unsubscribe, send any mail to "freebsd-questions-
>> unsubscribe at freebsd.org"
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-
> unsubscribe at freebsd.org"
More information about the freebsd-questions