Re: VPN client cannot connect through OpenBSD router/firewall
Michael Erdely wrote:
You're doing a "block all" and then aren't allowing esp traffic out.
Try adding the following with your tcp, udp and icmp pass out rules:
pass out $log_flg on $ext_if proto esp all keep state
When troubleshooting something like this, it may be useful to add
"log" to your default block rule so you'll at least see what's being
Thank you very much for the advice. This worked like a charm. How
did you know, or better yet, how could I have known that I needed to
pass out the esp protocol? By seeing what was dropped?
PS - Apologies for cross-posting to the newbie list. I thought my
email to the pf list didn't get through. Also, much thanks to
everyone else for their responses. I will keep them on file because I
think they'll be needed if I'm setting up my own VPN solution and/or
need more granularity in my rule set.
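
Added example, not part of the original thread: a small Python check that reads a pf ruleset and reports which protocols are passed out, whether a needed one such as esp is missing, and which block rules lack "log". The ruleset, macro values, interface name and the audit() helper are constructed for illustration; only the rule shapes come from the messages above.

```python
import re

# Constructed ruleset in the shape the thread describes: default "block all"
# with pass-out rules for tcp, udp and icmp only. Macro values are assumptions.
SAMPLE_RULESET = """\
ext_if = "fxp0"
log_flg = "log"
block all
pass out $log_flg on $ext_if proto tcp all keep state
pass out $log_flg on $ext_if proto { udp, icmp } all keep state
"""

MACRO = re.compile(r'^(\w+)\s*=\s*"([^"]*)"\s*$')
PROTO = re.compile(r'\bproto\s+(\{[^}]*\}|\S+)')

def audit(ruleset, needed=("esp",)):
    """Return (protocols passed out, needed ones missing, unlogged block rules)."""
    macros, passed, unlogged = {}, set(), []
    for raw in ruleset.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        # Expand $macro references before looking at the rule itself.
        line = re.sub(r"\$(\w+)", lambda r: macros.get(r.group(1), ""), line)
        words = line.split()
        if words[0] == "block" and "log" not in words:
            unlogged.append(raw.strip())
        elif words[0] == "pass" and words[1:2] != ["in"]:
            p = PROTO.search(line)
            # A pass rule without a "proto" clause matches every protocol.
            names = re.findall(r"[\w-]+", p.group(1)) if p else ["any"]
            passed.update(names)
    missing = [] if "any" in passed else [n for n in needed if n not in passed]
    return sorted(passed), missing, unlogged

if __name__ == "__main__":
    passed, missing, unlogged = audit(SAMPLE_RULESET)
    print("passed out:", passed)
    print("needed but not passed out:", missing)
    print("block rules without log:", unlogged)
```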