
Re: connect to vpn behind openbsd firewall



Hi
What kind of VPN server are you running?
If you are running IPsec you must allow protocol 50; if you are running PPTP you need to enable port 1723 and protocol GRE.


ipsec
pass in quick on $ext_if proto 50 from 1.2.3.4 to $ext_if keep state

gre
rdr on $ext_if proto { tcp, udp } from any to ($ext_if) port 1723 -> 10.0.0.1 port 1723
rdr on $ext_if proto gre from any to ($ext_if) -> 10.0.0.1


pass in quick on $ext_if proto 47 from any to 10.0.0.1 keep state
pass in quick on $ext_if proto { tcp, udp } from any to 10.0.0.1 port 1723 keep state


Marcos Biscaysaqu
ThePacific.net


Tihomir Ganev wrote:


hi Pf

How do I adjust my pf.conf and connect to the VPN server?

VPNserver <- OpenBSD 3.5 + NAT <- myPc

default policy is
block in log all
block out log all

nat on rl0 from <users> to any tag users -> ($ext_if:0)

pass out on $ext_if proto tcp all tagged users modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state

Ethereal says that packets are dropped by rules 0 and 1

Best regards
T.Ganev
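
An added example, not part of either message: a pf.conf fragment for the layout in the quoted question (client behind the NAT firewall, VPN server outside), where the two default block rules drop tunnel traffic entering the internal interface and leaving the external one. The interface names, the contents of <users> and the server address 1.2.3.4 (the placeholder used in the reply) are assumptions.

```pf
# Added example; all values below are assumptions, not taken from a real setup.
ext_if     = "rl0"        # assumed external interface
int_if     = "rl1"        # assumed internal interface
vpn_server = "1.2.3.4"    # placeholder address, as in the reply

table <users> { 10.0.0.0/24 }   # constructed client network

# Translation rules come before filter rules.
nat on $ext_if from <users> to any tag users -> ($ext_if:0)

# Default policy from the question: these are rule 0 and rule 1.
block in  log all
block out log all

# --- PPTP: TCP 1723 control channel plus GRE (protocol 47) data ---
# Inbound on the internal interface (otherwise dropped by rule 0).
pass in  on $int_if proto tcp from <users> to $vpn_server port 1723 \
        flags S/SA keep state
pass in  on $int_if proto gre from <users> to $vpn_server keep state
# Outbound on the external interface after NAT (otherwise dropped by rule 1).
pass out on $ext_if proto tcp from any to $vpn_server port 1723 \
        tagged users flags S/SA modulate state
pass out on $ext_if proto gre from any to $vpn_server tagged users keep state

# --- IPsec: IKE on UDP 500 plus ESP (protocol 50) ---
pass in  on $int_if proto udp from <users> to $vpn_server port 500 keep state
pass in  on $int_if proto esp from <users> to $vpn_server keep state
pass out on $ext_if proto udp from any to $vpn_server port 500 \
        tagged users keep state
pass out on $ext_if proto esp from any to $vpn_server tagged users keep state
```

Only the block for the VPN type in use is needed; replies from the server are matched by the state entries, so no separate pass in rule on $ext_if is required for client-initiated tunnels.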


