I've got a pretty standard network which uses a FreeBSD server to perform NAT between my internal IPs (192.168.0.x) and the outside world. Everything is working tickety-boo, but I'm trying to tweak my firewall rules (ipfw, based on the 'SsIiMmPpLlEe' firewall template in rc.firewall) to allow a Cisco IPsec-based VPN client on a local machine to connect to a remote server (tunnel).

tcpdump shows that the client attempts to send packets to the remote VPN server on port 500 (isakmp) as you'd expect, but it's not getting any packets back and so the connection fails.

The following suggests that you can solve the problem by not changing the source port of the NATed packets, but gives a sample using pf:


Other posts I've read say you can simply forward packets from the remote VPN server to the machine running the VPN client, but (needless to say) I haven't been able to get this to work:


Any suggestions from people who have done similar before?


