linuxtricks
IS-IT--Management
Hi.
I am hoping someone will be able to help me.
I have an OpenBSD firewall at home that works superbly... other than the fact that I cannot establish a VPN connection from a machine behind the firewall to my office VPN server.
I have tried to enable the following:
In /etc/sysctl.conf
net.inet.gre.allow=1 #gre
net.inet.ip.forwarding=1
Note: there are also entries for the following, which seem to be disabled:
#net.inet.esp.enable=1 # 1=Enable the ESP IPSec protocol
#net.inet.ah.enable=1 # 1=Enable the AH IPSec protocol
Should I enable them?
Also, in /etc/ipnat.rules, I have:
rdr xl0 0/0 port 0 -> 192.168.0.3 port 0 gre
rdr xl0 199.233.1.2/32 port 1723 -> 192.168.0.3 port 1723
Shouldn't I be adding anything to /etc/ipf.rules?
Such as the following example I saw in a newsgroup:
pass in quick on xl0 proto gre from 208.19.223.30/32 to 196.28.127.66/32
pass out quick on xl0 proto gre from 196.28.127.66/32 to 208.19.223.30/32
Thank you in advance for any help you can supply me with.
Rich
try not!
do... or do not. there is no try!