On Sat, Mar 15, 2003 at 07:08:46PM -0500, jmc wrote:
> here's the relevant (i think) parts from my pf.conf:

Those rules look ok.

> where xxx.xxx.xxx.xxx is my remote vpn peer

and xxx.xxx.xxx.xxx is your firewall as well? ;)

> the client just hangs until it times out, and the logs on the client report
> that inbound connections are not allowed.

I'm not sure what you're saying. The client is reporting that the
server is saying that inbound connections are not allowed? Or the client
itself is reporting that it won't accept inbound connections? I don't see
how either case applies if you get no packets whatsoever back from the vpn
server.

Some things off the top of my head:

1) Disconnect your firewall and connect your client directly to the
   Internet. It's good to have verification that it works normally.

2) Check the state table to make sure nat proxying is working as expected.

3) Try a binat rule instead of nat proxying, something like:

   binat on $ext_if from $client_ip to $vpn -> $extip

   I'm not sure if this is fundamentally different from nat proxying.
   (pf dudes?)

4) Get a hold of the vpn server admin if feasible and ask what the vpn
   server is reporting.

- jolan
