> -Original Message-
> From: Jerahmy Pocott [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 27, 2007 7:07 AM
> To: Ted Mittelstaedt
> Cc: FreeBSD Questions
> Subject: Re: Difficulties establishing VPN tunnel with IPNAT
>
>
>
> On 27/11/2007, at 5
On 27/11/2007, at 5:49 PM, Ted Mittelstaedt wrote:
-Original Message-
From: Jerahmy Pocott [mailto:[EMAIL PROTECTED]
Sent: Sunday, November 25, 2007 4:48 AM
To: Ted Mittelstaedt
Cc: FreeBSD Questions
Subject: Re: Difficulties establishing VPN tunnel with IPNAT
Perhaps, but I've he
> -Original Message-
> From: Jerahmy Pocott [mailto:[EMAIL PROTECTED]
> Sent: Sunday, November 25, 2007 4:48 AM
> To: Ted Mittelstaedt
> Cc: FreeBSD Questions
> Subject: Re: Difficulties establishing VPN tunnel with IPNAT
>
>
> Perhaps, but I've heard a
Jerahmy Pocott skrev:
On 26/11/2007, at 4:47 AM, Roger Olofsson wrote:
Hello Jerahmy,
Some progress it seems? Why not set it to allow gre from VPN server
only? Ie pass in quick on fxp1 proto gre from to any?
The way you ask your question, 'make it work without static ip or
allowing all
On 26/11/2007, at 4:47 AM, Roger Olofsson wrote:
Hello Jerahmy,
Some progress it seems? Why not set it to allow gre from VPN server
only? Ie pass in quick on fxp1 proto gre from to any?
The way you ask your question, 'make it work without static ip or
allowing all traffic', isn't that co
Jerahmy Pocott skrev:
On 26/11/2007, at 1:00 AM, Roger Olofsson wrote:
Hello Jerahmy, (sorry for top-posting, btw).
Gre is protocol 47. In your firewall rules you only allow/block
protocols tcp/udp/icmp. If you want to use PPTP you will need to allow
both the port and the protocol for it.
On 26/11/2007, at 1:00 AM, Roger Olofsson wrote:
Hello Jerahmy, (sorry for top-posting, btw).
Gre is protocol 47. In your firewall rules you only allow/block
protocols tcp/udp/icmp. If you want to use PPTP you will need to
allow both the port and the protocol for it.
I put:
pass out qui
Jerahmy Pocott skrev:
The Sonic Wall client doesn't trigger ANY firewall rules, which is why I thought
there must be something going wrong with the NAT. It actually establishes the
tunnel okay but never gets an IP address, from my understanding this client
uses some sort of dhcp over ipsec to p
does support more kinds of protocol translations.
Ted
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Roger
Olofsson
Sent: Saturday, November 24, 2007 2:09 PM
To: Jerahmy Pocott
Cc: FreeBSD Questions
Subject: Re: Difficulties establishing VPN tunnel with IPNAT
Hel
on and now you don't. So,
clearly, in your case, it's WORSE.
Ted
> -Original Message-
> From: Jerahmy Pocott [mailto:[EMAIL PROTECTED]
> Sent: Sunday, November 25, 2007 2:12 AM
> To: Ted Mittelstaedt
> Cc: Roger Olofsson; FreeBSD Questions
> Subject
The Sonic Wall client doesn't trigger ANY firewall rules, which is why I thought
there must be something going wrong with the NAT. It actually establishes the
tunnel okay but never gets an IP address, from my understanding this client
uses some sort of dhcp over ipsec to provision the client
ssage-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Roger
Olofsson
Sent: Saturday, November 24, 2007 2:09 PM
To: Jerahmy Pocott
Cc: FreeBSD Questions
Subject: Re: Difficulties establishing VPN tunnel with IPNAT
Hello again Jerahmy,
I would suggest that you verify what port(s
Ted
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Roger Olofsson
> Sent: Saturday, November 24, 2007 2:09 PM
> To: Jerahmy Pocott
> Cc: FreeBSD Questions
> Subject: Re: Difficulties establishing VPN tunnel with IPNAT
>
>
>
Hello again Jerahmy,
I would suggest that you verify what port(s) and protocol(s) 'Sonic Wall
Global VPN Client' needs to work.
I would also suggest that you look in the logfile from ipf to see what
it's blocking and when.
My guess is that the VPN client is using a protocol like IPSEC (IP
Sorry let me clarify..
There are two issues, one is connecting to any external VPN, with no filter I
can establish a connection to PPTP VPN, but the 'Sonic Wall Global VPN Client'
still fails to connect even with no filter rules.
The redirect for the CVS server has an ipf rule to allow traf
Sorry, the issue is connecting TO any outside VPN, not connecting from
outside.
I tested with ipf set to accept all and it still failed, so I figured
it must be ipnat..
I had no issues when using ipfw/natd.
On 25/11/2007, at 12:50 AM, Roger Olofsson wrote:
Hello Jerahmy,
Assuming you wa
Hello Jerahmy,
Assuming you want to connect from the outside to your VPN.
Have you made sure that port 2401 is open for inbound traffic in your
ipf.rules?
You might also want to do 'ipnat -C -f '. Man ipnat ;^)
Greeting from Sweden
/Roger
Jerahmy Pocott skrev:
Hello,
I recently decided