Nick Stenning wrote:
[ ... ]
The second part of the question is perhaps slightly more complex. The
Vigor router has set up on it a LAN-to-LAN PPTP VPN (enough acronyms
for you?) to an office elsewhere. As it stands currently, machines on
the LAN can access (ping/SMB shares) a class C subnet, 192.168.1.0/24
via this VPN connection on the Vigor router. Also, machines at the
other end of the VPN, in the office, can access machines at this end
of the VPN, on the LAN (the other class C: 10.0.0.0/24).
The question is, what IPFW divert rules and other whizbangery do I
need to set up so that I can disconnect that cable marked ** and have
all the VPN stuff keep working. If at all possible, I'd rather not
move the management of the VPN onto the FBSD box.
Given what you've said, you should set up the FreeBSD machine as a bridge
rather than a router.
It's possible to do other things, such as changing the NAT address range
used by rl1 and your Vigor 2600, yet also set up NAT on the FreeBSD machine,
including GRE passthrough and PPTP in /etc/natd.conf, but that would be
evil, hard to debug, and otherwise tempting the fates. :-)
# NATD configuration options
dynamic yes
interface rl1
#log yes
log_denied yes
use_sockets yes
same_ports yes
unregistered_only yes
#punch_fw 10000:100
redirect_proto gre 10.1.1.2
redirect_port udp 10.1.1.2:500 500
redirect_port udp 10.1.1.2:4500 4500
redirect_port udp 10.1.1.2:62515 62515
redirect_port tcp 10.1.1.2:10000 10000
redirect_port tcp 10.1.1.2:pptp pptp
# The above rules allow passthrough for the Cisco VPN software, and should
# also work with SonicWall's VPN client. OpenVPN uses just a single UDP port,
# and would be very easy to set up on FreeBSD if you liked.
--
-Chuck
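The reply gives a natd.conf but not the ipfw side that Nick asked about. The following is an added example, not code from either poster or from the FreeBSD project: it parses a natd.conf fragment (a constructed copy of the one in the reply), resolves the service names, lists which inside host the NAT box ends up exposing, and emits the ipfw divert rule plus the per-redirect allow rules that would sit after it. It assumes natd's default divert port (8668), that a packet re-injected by natd re-enters ipfw at the rule after the divert rule with its destination already rewritten, and a small service-name table standing in for /etc/services; the rule numbers are arbitrary.

```python
"""Parse a natd.conf fragment and derive the matching ipfw divert/allow rules.

Added example for the thread above; not FreeBSD project code. The
service-name table, rule numbers and sample config are this example's own
assumptions (the config is a constructed copy of the one in the reply).
"""
from dataclasses import dataclass, field

# Constructed sample: the natd.conf posted in the reply.
SAMPLE_NATD_CONF = """\
# NATD configuration options
dynamic yes
interface rl1
#log yes
log_denied yes
use_sockets yes
same_ports yes
unregistered_only yes
#punch_fw 10000:100
redirect_proto gre 10.1.1.2
redirect_port udp 10.1.1.2:500 500
redirect_port udp 10.1.1.2:4500 4500
redirect_port udp 10.1.1.2:62515 62515
redirect_port tcp 10.1.1.2:10000 10000
redirect_port tcp 10.1.1.2:pptp pptp
"""

# Assumed service-name table; natd itself would consult /etc/services.
SERVICES = {"pptp": 1723, "isakmp": 500, "ipsec-nat-t": 4500}

NATD_DIVERT_PORT = 8668  # natd's default divert port (assumption: unchanged)


@dataclass
class NatdConfig:
    interface: str = ""
    options: dict = field(default_factory=dict)
    proto_redirects: list = field(default_factory=list)  # (proto, inside_host)
    port_redirects: list = field(default_factory=list)   # (proto, host, inside_port, outside_port)


def port_number(spec):
    """Resolve a port spec such as 'pptp' or '500' to an integer."""
    if spec.isdigit():
        return int(spec)
    if spec in SERVICES:
        return SERVICES[spec]
    raise ValueError(f"unknown service name: {spec}")


def parse_natd_conf(text):
    """Parse the subset of natd.conf syntax used in the reply."""
    cfg = NatdConfig()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key, *args = line.split()
        if key == "interface" and len(args) == 1:
            cfg.interface = args[0]
        elif key == "redirect_proto" and len(args) >= 2:
            cfg.proto_redirects.append((args[0], args[1]))
        elif key == "redirect_port" and len(args) == 3:
            proto, target, outside = args
            host, _, inside_port = target.rpartition(":")
            cfg.port_redirects.append(
                (proto, host, port_number(inside_port), port_number(outside)))
        elif len(args) == 1:
            cfg.options[key] = args[0]  # yes/no style options
        else:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
    return cfg


def inside_hosts(cfg):
    """Every inside host the redirects expose; ideally just the VPN endpoint."""
    hosts = {h for _, h in cfg.proto_redirects}
    hosts |= {h for _, h, _, _ in cfg.port_redirects}
    return sorted(hosts)


def ipfw_rules(cfg, base=1000):
    """ipfw lines for this config: the divert rule, then one allow per redirect.

    After natd rewrites an inbound packet it re-enters ipfw at the next rule
    with the inside address as destination, so the allows match on that.
    """
    if not cfg.interface:
        raise ValueError("natd.conf names no interface; cannot build divert rule")
    rules = [f"add {base} divert {NATD_DIVERT_PORT} ip from any to any via {cfg.interface}"]
    n = base + 10
    for proto, host in cfg.proto_redirects:
        rules.append(f"add {n} allow {proto} from any to {host} in via {cfg.interface}")
        n += 10
    for proto, host, inside_port, _ in cfg.port_redirects:
        rules.append(f"add {n} allow {proto} from any to {host} {inside_port} in via {cfg.interface}")
        n += 10
    return rules


if __name__ == "__main__":
    parsed = parse_natd_conf(SAMPLE_NATD_CONF)
    print("exposed inside hosts:", inside_hosts(parsed))
    print("\n".join(ipfw_rules(parsed)))
```

The inside_hosts check is the part worth keeping around: every redirect_proto and redirect_port line is a hole through the NAT box, and this config should only ever name the one VPN endpoint, so anything beyond a single host in that list deserves a second look before the rules go live.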
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions