Re: IPF vs VPN

Tue, 09 May 2006 16:05:20 -0700 

After log tests and troublem i'm returning for mailist.

My Vpn server is a W2k server, my client is a XP

Im using PPTP for vpn

I have tested with my VPN server connected directly on internet
Then i successfully access all my remote network

But, when I try to access my vpn server behind FreeBSD ipf, it failed;

I can Connect, Auth in My NT Domain, get an internal IP (DHCP), ping my
vpn server by the internal ip.
I cannot access other computers in my network (Mail servers, File Server, Etc..) 

Technical issues:
xl0=ext_if
xl1=int_if
128.1.1.222=My Internal ip of Vpn server
200.198.106.170=My External ip of Vpn server

==> ipnat.rules
bimap xl0 128.1.1.222/32 -> 200.198.106.170/32

==> ipf.rules
-------8<-------------------------
pass in quick on xl0 proto tcp/udp from any to 128.1.1.222 port = 1723 keep state pass in quick on xl0 proto tcp/udp from any to 128.1.1.222 port = 500 keep state pass in quick on xl0 proto tcp/udp from any to 128.1.1.222 port = 1701 keep state 
pass in quick on xl0 proto gre from any to 128.1.1.222 keep state
-------8<-------------------------

monitoring by ipmon i cant view nothing blocked


Help please!?
----- Original Message ----- From: "Jim Sandoz" <[EMAIL PROTECTED]> 
To: "Luis Henrique Machado Jr." <[EMAIL PROTECTED]>
Cc: <[email protected]>
Sent: Wednesday, May 03, 2006 10:30 AM
Subject: Re: IPF vs VPN




luis,

you have posted 0.1% of the information needed to solve your problem.

for a start,
  http://www.phildev.net/ipf/IPFmail.html#mail3
then
  vpn server?
  vpn client?
  vpn client configuration?
  what tests have you done?
  which have failed?
  does your client work without NAT?
  does your client work with NAT not provided by ipf?

also see
http://www.phildev.net/ipf/IPFprob.html#prob19
http://www.phildev.net/ipf/IPFvpn.html

jim



Luis Henrique Machado Jr. wrote:

I'm using:
ipf: IP Filter: v3.4.31 (336)
Kernel: IP Filter: v3.4.35
FreeBSD 4.10-STABLE

I'm have problems with vpn behind NAT.

I can't access whole network, only the vpn server :(
I'm reading http://technet2.microsoft.com/WindowsServer/en/Library/428c1bbf-2ceb-4f76-a1ef-0219982eca101033.mspx but i can't find an solution. Help please

Reply via email to