gre through bsd

[linuxtricks]

Hi.
I am hoping someone will be able to help me.

I have an OpenBSD firewall at home that works superb-ly... other than the fact that I cannot establish a VPN connection from a machine behind the Firewall -> to my office VPN Server.

I have tried to enable the following:

In /etc/sysctl.conf

[red]net.inet.gre.allow=1 #gre
net.inet.ip.forwarding=1[/red]

note: there are also entries for the following, which seem to be disabled:
#net.inet.esp.enable=1 # 1=Enable the ESP IPSec protocol
#net.inet.ah.enable=1 # 1=Enable the AH IPSec protocol

Should I enable them?

Also, in /etc/ipnat.rules, I have:

[red]rdr xl0 0/0 port 0 -> 192.168.0.3 port 0 gre
rdr xl0 199.233.1.2/32 port 1723 -> 192.168.0.3 port 1723[/red]

Shouldn't I be adding anything to /etc/ipf.rules?
such as the following example I saw in a newsgroup:

[red]pass in quick on xl0 proto gre from 208.19.223.30/32 to 196.28.127.66/32 pass out quick on xl0 proto gre from 196.28.127.66/32 to 208.19.223.30/32[/red]

Thank you in advance for any help you can supply me with.

Rich [sig]<p> <br><a href=mailto: > </a><br><a href= > </a><br><i>try not!</i><br>
<i>do... or do not. there is no try!</i>[/sig]