Difficulties establishing VPN tunnel with IPNAT

Roger Olofsson raggen at passagen.se
Sun Nov 25 11:22:57 PST 2007

Jerahmy Pocott wrote:
> On 26/11/2007, at 4:47 AM, Roger Olofsson wrote:
>> Hello Jerahmy,
>> Some progress it seems? Why not set it to allow gre from VPN server 
>> only? Ie pass in quick on fxp1 proto gre from <vpn server ip> to any?
>> The way you ask your question, 'make it work without static ip or 
>> allowing all traffic', isn't that contradictory?
>> As for the frag part, I'd say that if gre needs frag, then you will 
>> have to enable it.
>> About the CVS, I seem to have misunderstood your question. I assumed 
>> wanted to receive CVS inbound and not serve it outbound, or 
>> am I mistaken again?
>> /Roger
> Yes, that is what I meant by 'static ip' I could allow all gre from the
> specific ip address but I would prefer that gre traffic be allowed from
> a host only when an existing connection has been opened to it..
> is a CVS server.
> It seems to me that natd works better with ipsec

Hello again Jerahmy,

It would seem that there is a PPTP proxy in ipf that you might want to 
try as well. The syntax would be:

map fxp1 -> 0/32 proxy port 1723 pptp/tcp

Good luck!

