Re: VPN client cannot connect through OpenBSD router/firewall
On Mon, Jan 17, 2005 at 10:38:05PM +0100, the unit calling itself Laurent Cheylus wrote:
> > Okay. I have a problem that I can't get my brain around and I need
> > some help. My wife needs to connect to her VPN at work. I've
> > captured packets for her connection and see that it's connecting to
> > her work server on ports 53 (dns) and 500 (isakmp).
> > I thought that since she was initiating the connections to port 53 and
> > 500 that the keep state entries on the outbound tcp and udp traffic
> > would be enough to ensure she could connect and wouldn't require me to
> > set up NAT for these connections. Am I wrong? What am I missing here?
> According to your pf.conf, your TCP/UDP outbound connections are NATed.
> To use a VPN IPsec client with a NAT gateway like yours, the VPN client must
> use NAT-Traversal (ESP packet encapsulation in UDP packets on port
> 4500). And the IPsec gateway of your wife at work must also support
> What is the IPsec client used by your wife and the IPsec gateway
> implementation used at her work?
> SSH Sentinel and Safenet SoftRemote are commercial VPN clients that
> support NAT-Traversal. isakmpd also supports NAT-Traversal since
> OpenBSD version 3.6 :-)
I have the same problem. My VPN client is Cisco VPN Client ver 4.6.00.
I gather that pf can't pass some VPN traffic, and that getting it
through pf will require some isakmpd setup?
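
As an added example (not part of the original thread), here is a small Python classifier for the packet types the quoted reply distinguishes: IKE on UDP 500 versus ESP encapsulated in UDP on port 4500. The record format, function names and sample packets are assumptions constructed for this example; the marker and keepalive values follow RFC 3948.

```python
# Added example: decide from a client-side capture whether an IPsec client
# behind a NAT gateway is actually using NAT-Traversal.
# Assumed record format: (ip_protocol, udp_dst_port or None, payload bytes),
# one record per outbound packet from the VPN client.
IPPROTO_UDP, IPPROTO_ESP = 17, 50
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: precedes IKE on UDP 4500
NAT_KEEPALIVE = b"\xff"               # RFC 3948: one-byte keepalive

def classify(proto, dport, payload):
    """Return a short label for one packet record."""
    if proto == IPPROTO_ESP:
        return "native-esp"           # raw ESP has no ports for NAT to rewrite
    if proto != IPPROTO_UDP:
        return "other"
    if dport == 500:
        return "ike"
    if dport == 4500:
        if payload == NAT_KEEPALIVE:
            return "natt-keepalive"
        if payload[:4] == NON_ESP_MARKER:
            return "ike-natt"         # IKE floated to 4500 after NAT detection
        if len(payload) >= 8:
            return "esp-in-udp"       # non-zero SPI + sequence number
        return "unknown-4500"
    return "other"

def diagnose(records):
    """Summarise a capture into one verdict string."""
    kinds = {classify(*r) for r in records}
    if "native-esp" in kinds:
        return "raw-esp-behind-nat"   # client is not encapsulating ESP
    if kinds & {"ike-natt", "esp-in-udp"}:
        return "nat-t-active"
    if "ike" in kinds:
        return "ike-only"             # negotiation seen, no data path yet
    return "no-ipsec"

# Constructed sample captures (payloads are placeholders, not real traffic).
CAPTURE_NO_NATT = [
    (17, 53, b"dns-query"),
    (17, 500, b"\x11" * 28),                     # IKE on UDP 500
    (50, None, b"\x12\x34\x56\x78" + b"\x00" * 12),  # raw ESP
]
CAPTURE_NATT = [
    (17, 500, b"\x11" * 28),
    (17, 4500, NON_ESP_MARKER + b"\x11" * 28),   # IKE with non-ESP marker
    (17, 4500, b"\x12\x34\x56\x78" + b"\x00\x00\x00\x01" + b"\xaa" * 16),
    (17, 4500, NAT_KEEPALIVE),
]

if __name__ == "__main__":
    print(diagnose(CAPTURE_NO_NATT), diagnose(CAPTURE_NATT))
```

A verdict of `raw-esp-behind-nat` or `ike-only` on the client side points at the client or gateway not negotiating NAT-Traversal, rather than at the firewall rules alone.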