I've got a pretty standard network which uses a FreeBSD server to perform NAT between my internal IPs (192.168.0.x) and the outside world. Everything is working tickety-boo, but I'm trying to tweak my firewall rules (ipfw, based on the 'SsIiMmPpLlEe' firewall template in rc.firewall) to allow a CISCO IPSec-based VPN client on a local machine to connect to a remote server (tunnel).

tcpdump shows that the client attempts to send packets to the remote VPN server on port 500 (isakmp) as you'd expect, but it's not getting any packets back and so the connection fails.

The following suggests that you can solve the problem by not changing the source port of the NATed packets, but gives a sample using pf:


Other posts I've read say you can simply forward packets from the remote VPN server to the machine running the VPN client, but (needless to say) I haven't been able to get this to work:


Any suggestions from people who have done similar before?


freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to