Difficulties establishing VPN tunnel with IPNAT
Roger Olofsson
raggen at passagen.se
Sun Nov 25 11:22:57 PST 2007
Jerahmy Pocott wrote:
>
> On 26/11/2007, at 4:47 AM, Roger Olofsson wrote:
>> Hello Jerahmy,
>>
>> Some progress it seems? Why not set it to allow gre from VPN server
>> only? Ie pass in quick on fxp1 proto gre from <vpn server ip> to any?
>>
>> The way you ask your question, 'make it work without static ip or
>> allowing all traffic', isn't that contradictory?
>>
>> As for the frag part, I'd say that if gre needs frag, then you will
>> have to enable it.
>>
>> About the CVS, I seem to have misunderstood your question. I assumed
>> 10.0.0.2 wanted to receive CVS inbound and not serve it outbound, or
>> am I mistaken again?
>>
>> /Roger
>
> Yes, that is what I meant by 'static ip' I could allow all gre from the
> specific ip address but I would prefer that gre traffic be allowed from
> a host only when an existing connection has been opened to it..
>
> 10.0.0.2 is a CVS server.
>
> It seems to me that natd works better with ipsec

Hello again Jerahmy,

It would seem that there is a PPTP proxy in ipf that you might want to
try as well. The syntax would be:

map fxp1 10.0.0.0/0 -> 0/32 proxy port 1723 pptp/tcp

Good luck!

/Roger