
Re: connect to vpn behind openbsd firewall



On Thu, Nov 11, 2004 at 03:53:50PM -0800, the unit calling itself Tihomir Ganev wrote:
> 
> how to adjust my pf.conf and connect to vpn server.
> 
> VPNserver <- OpenBSD 3.5 + NAT <- myPc
> 
> default policy is
> Block in log All
> Block out log All
> 
> nat on rl0 from <users> to any tag users -> ($ext_if:0)
> 
> pass out on $ext_if proto tcp all tagged users modulate state flags S/SA
> pass out on $ext_if proto { udp, icmp } all keep state
> 
> Ethereal says that packets are dropped by rule 0 and 1
> 
I use a Cisco VPN client to connect to my "corporate" network from home 
(where I use OBSD 3.5 & pf). I've never been able to get this to work.
However, I do seem to recall a thread here a few months ago that this 
problem was to be resolved in 3.6 with the addition of something called 
"NAT-T". I haven't had time to upgrade to 3.6, or even do any further 
research on this, so I may be out in left field.
HTH,
Jay