I've been playing around with netcat. 
I noticed that the netcat process on my VPN_server does not show any "X" on 
stdout for ports 4500 and 1701.

Could it be relevant to my VPN issue?

VPN_serv is A.B.C.77/23 (it is not behind NAT):

$ pfctl -s rules
pass all flags S/SA

$ nc -u -l 500
XXXX

X.Y.Z.11/29$ nc -vuz A.B.C.77 4500
A.B.C.69/23$ nc -vuz A.B.C.77 4500
$ nc -u -l 4500
NOTHING IS HERE

$ nc -u -l 4499
XXXX

$ nc -u -l 4501
XXXX

X.Y.Z.11/29$ nc -vuz A.B.C.77 1701
A.B.C.69/23$ nc -vuz A.B.C.77 1701
$ nc -u -l 1701
NOTHING IS HERE

$ nc -u -l 22
XXXX

$ nc -u -l 1234
XXXX

On Wed, 7 Nov 2018 12:17:09 +0100
Radek <alee...@gmail.com> wrote:

> Yesterday I tried this scenario:
> 
> Win7_warrior - 192.168.x.x, NAT, GW: 1.2.3.119
> VPN_L2TP (Mikrotik) - A.B.C.75/23, not NATed
> VPN_IKEv2 - A.B.C.77/23, not NATed
> 
> I connected Win7_warrior to VPN_L2TP and then to VPN_IKEv2. I had two 
> active VPN connections at the same time.
> Next, I disconnected VPN_L2TP. VPN_IKEv2 was still active and was working 
> fine. 
> 
> When I disconnected VPN_IKEv2 and then tried to connect VPN_IKEv2 without 
> VPN_L2TP, I got 809.
> 
> Removing home_router, which is between Win7_warrior and 1.2.3.119, does not 
> change anything.
>  
> Another thing:
> I install the VPN_IKEv2 OS via PXE boot and get a private IP from the DHCP 
> server. Then I move it to public A.B.C.77/23 by editing /etc/hostname, mygate, 
> resolv.conf. Maybe I missed something in the network conf that is important for OpenIKED?
> 
> Any idea?
> 
> 
> On Tue, 6 Nov 2018 11:21:52 +0100
> Radek <alee...@gmail.com> wrote:
> 
> > Hello Kim,
> > 
> > > My question was concerning the VPN_server, is the server NATed?
> > A.B.C.0/23 is not NATed, it is a public pool. VPN_server is not NATed.
> > 
> > > How is A.B.C.0/23 connected to the 'rest' of the world? Router/Firewall 
> > > ...
> > I only have switches in my building.
> > All routers/firewalls of my network are in another building, I do not know 
> > the whole network structure, devices, security policies... but I have never 
> > noticed that any ports were blocked.
> > 
> > I can set up an IKEv2 site-to-site VPN A.B.C.D/23 <--> !A.B.C.0/23 and it 
> > works like a charm.
> > https://community.riocities.com/openike_openbsd.html
> > But I can not setup a VPN_server for road warriors.
> > 
> > I have just set up a VPN_L2TP_serv on Mikrotik (A.B.C.75/23). I can connect 
> > my Win7_warrior from !A.B.C.0/23 (currently testing on GSM network).
> > L2TP and IKEv2 use ports 500 and 4500. Since L2TP works fine, I conclude 
> > that it is not a router/FW problem. 
> > 
> > On Tue, 6 Nov 2018 07:48:37 +0100
> > Kim Zeitler <kim.zeit...@konzept-is.de> wrote:
> > 
> > > Good morning Radek,
> > > 
> > > I have a suspicion ...
> > > 
> > > > For (1), (2) and (3) the VPN is working just fine with Win7_warrior and 
> > > > puffy_warrior if they are connecting from A.B.C.0/23 (it does not 
> > > > matter whether the warrior has a public IP or is behind NAT). The rest of the 
> > > > world fails to connect to the VPN_server.
> > > My question was concerning the VPN_server, is the server NATed?
> > > How is A.B.C.0/23 connected to the 'rest' of the world? Router/Firewall 
> > > ...
> > > 
> > > Cheers,
> > > Kim
> > > 
> > > 
> > 
> > 
> > -- 
> > radek
> 
> 
> -- 
> radek


-- 
radek
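The nc test above, reproduced as a small Python script (an added example, not from this thread): the listener side stands in for `nc -u -l PORT` on the server and the probe side for `nc -vuz HOST PORT` from a client, so a port that shows "NOTHING IS HERE" here while its neighbours show "XXXX" is being dropped before it reaches the host. A.B.C.77 and the port numbers in the usage comments are the thread's placeholders; the listener must be started while no daemon (iked, the L2TP service) holds that port, and as root for port 500.

```python
import socket
import sys
import threading

MARK = b"X"  # `nc -z -u` sends "X" bytes; `nc -u -l` prints them on stdout

class UdpListener(threading.Thread):
    """Stand-in for `nc -u -l PORT`: wait for one datagram, keep its payload.
    port=0 lets the kernel pick a free port (used by the self-test)."""

    def __init__(self, host="0.0.0.0", port=0, timeout=30.0):
        super().__init__(daemon=True)
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.settimeout(timeout)
        self.sock.bind((host, port))
        self.port = self.sock.getsockname()[1]
        self.payload = None   # stays None if nothing arrives before timeout
        self.peer = None
        self.start()

    def run(self):
        try:
            self.payload, self.peer = self.sock.recvfrom(1024)
        except socket.timeout:
            pass
        finally:
            self.sock.close()

def udp_probe(host, port, payload=MARK):
    """Stand-in for `nc -vuz HOST PORT`: one marker datagram, no reply expected."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(payload, (host, port))

def verdict(payload):
    """Report the outcome in the thread's own wording."""
    return "XXXX" if payload else "NOTHING IS HERE"

if __name__ == "__main__":
    # server side:  python3 udpcheck.py listen 4500
    # client side:  python3 udpcheck.py probe A.B.C.77 4500   (placeholder host)
    if sys.argv[1] == "listen":
        l = UdpListener(port=int(sys.argv[2]))
        l.join()
        print(sys.argv[2], verdict(l.payload), l.peer or "")
    else:
        udp_probe(sys.argv[2], int(sys.argv[3]))
```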
