
Re: connect to vpn behind openbsd firewall

What kind of VPN server are you running?
If you are running IPSEC you must allow protocol 50, or if you are running PPTP you need to enable port 1723 and protocol GRE.

pass in quick on $ext_if proto 50 from to $ext_if keep state

rdr on $ext_if proto { tcp, udp } from any to ($ext_if) port 1723 -> port 1723
rdr on $ext_if proto gre from any to ($ext_if) ->

pass in quick on $ext_if proto 47 from any to keep state
pass in quick on $ext_if proto { tcp, udp } from any to port 1723 keep state

Marcos Biscaysaqu

Tihomir Ganev wrote:

hi Pf

how to adjust my pf.conf and connect to vpn server.

VPNserver <- OpenBSD 3.5 + NAT <- myPc

default policy is
Block in log All
Block out log All

nat on rl0 from <users> to any tag users ->

pass out on $ext_if proto tcp all tagged users modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state

Ethereal says that packets are dropped by rule 0 and 1

Best regards
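
Added example, not part of either post: a pf.conf fragment in the OpenBSD 3.5-era syntax used in this thread, for the topology in the question (client behind the NAT firewall, VPN server outside). The quoted ruleset passes out only tcp, udp and icmp, so GRE (protocol 47) and ESP (protocol 50) fall through to the two default block rules. The internal interface name, the `vpn_server` macro and the 192.0.2.10 address are placeholders, and the IKE rule (udp 500) is an addition that the reply does not mention.

```pf
# Constructed example. Macros and addresses are placeholders.
ext_if     = "rl0"
int_if     = "rl1"            # assumption: internal interface
vpn_server = "192.0.2.10"     # placeholder (documentation range)

# Translation rules come before filter rules.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Default policy, as in the question (these are rules 0 and 1).
block in  log all
block out log all

# PPTP: control channel is TCP 1723, tunnelled data is GRE (IP protocol 47).
pass in  quick on $int_if proto tcp from $int_if:network to $vpn_server \
    port 1723 flags S/SA keep state
pass in  quick on $int_if proto gre from $int_if:network to $vpn_server keep state
pass out quick on $ext_if proto tcp from any to $vpn_server \
    port 1723 flags S/SA keep state
pass out quick on $ext_if proto gre from any to $vpn_server keep state

# IPsec: ESP is IP protocol 50; key exchange (IKE) uses UDP 500.
pass in  quick on $int_if proto esp from $int_if:network to $vpn_server keep state
pass in  quick on $int_if proto udp from $int_if:network to $vpn_server \
    port 500 keep state
pass out quick on $ext_if proto esp from any to $vpn_server keep state
pass out quick on $ext_if proto udp from any to $vpn_server port 500 keep state
```

Restricting the destination to `$vpn_server` keeps the exception narrow under the block-all policy. `pfctl -nf /etc/pf.conf` parses the file without loading it.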
