On 26/11/2007, at 4:47 AM, Roger Olofsson wrote:
Hello Jerahmy,
Some progress it seems? Why not set it to allow gre from VPN server
only? Ie pass in quick on fxp1 proto gre from <vpn server ip> to any?
The way you ask your question, 'make it work without static ip or
allowing all traffic', isn't that contradictory?
As for the frag part, I'd say that if gre needs frag, then you will
have to enable it.
About the CVS, I seem to have misunderstood your question. I
assumed 10.0.0.2 wanted to recieve CVS inbound and not serve it
outbound, or am I mistaking again?
/Roger
Yes, that is what I meant by 'static ip' I could allow all gre from
the specific ip address
but I would prefer that gre traffic be allowed from a host only when
an existing connection
has been opened to it..
10.0.0.2 is a CVS server.
It seems to me that natd works better with ipsec
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
