Siju George writes:
> All outbound TCP, UDP and ICMP traffic from the LAN is let out through PF.
>
> I am able to connect to another Fortigate IPSEC VPN Server on the
> Internet using Forticlient on the same XP system but no data
> communication happens between them.
>
> I tried connecting from a network that is not firewalled by OpenBSD
> and the VPN connection to the same Fortigate Server is working fine
> and I am able to access the internal machines.
>
> Is there any other traffic I should allow other than TCP, UDP, ICMP on
> the firewall to connect and pass traffic between the Fortigate VPN
> server and the XP system using Forticlient?
You didn't indicate whether the OpenBSD 4.0 is doing NAPT for your XP box or you have a binat setup. If NAPT then you must enable NAT traversal on the FortiGate. If you have set up a binat then you have the choice of enabling NAT traversal on the FortiGate or modifying pf to allow ESP (protocol 50) in and out.
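An added pf.conf fragment (not posted by either participant) showing the two setups the reply describes. Interface names and addresses are constructed placeholders, and the syntax is the pre-4.7 style that matches an OpenBSD 4.0 box; IKE on UDP 500 and NAT-T on UDP 4500 are the standard ports and are not mentioned in the thread.

```pf
# Example only, not from the thread. Interface names and addresses are
# constructed; pick ONE of the two options below.
ext_if = "fxp0"
int_if = "fxp1"
xp_lan = "192.168.1.10"     # XP box running Forticlient (constructed)
xp_pub = "203.0.113.10"     # spare public address for the binat (constructed)

# Option A: NAPT. ESP carries no ports, so it cannot be translated; the
# client and the FortiGate must negotiate NAT-T and the tunnel then rides
# on UDP 4500. With UDP already allowed out, these two lines are enough.
# nat on $ext_if from $int_if:network to any -> ($ext_if)
# pass out on $ext_if proto udp from ($ext_if) to any port { 500, 4500 } keep state

# Option B: binat. The 1:1 mapping leaves ESP usable, so pass IKE plus
# protocol 50 in both directions for the mapped address. Without NAT-T
# the inbound ESP rule is required: nothing else creates state for it.
binat on $ext_if from $xp_lan to any -> $xp_pub
pass out on $ext_if proto udp from $xp_pub to any port { 500, 4500 } keep state
pass out on $ext_if proto esp from $xp_pub to any
pass in  on $ext_if proto esp from any to $xp_pub
```

After editing, `pfctl -nf /etc/pf.conf` checks the syntax and `pfctl -f /etc/pf.conf` loads it; `tcpdump -ni fxp0 proto 50` on the external interface shows whether ESP is actually leaving and returning, which is the quickest way to tell the two failure modes apart.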