What kind of VPN server are you running?
If you are running IPSEC you must allow protocol 50, or if you are running PPTP you need to enable port 1723 and protocol GRE.
ipsec
pass in quick on $ext_if proto 50 from 1.2.3.4 to $ext_if keep state
gre
rdr on $ext_if proto { tcp, udp } from any to ($ext_if) port 1723 -> 10.0.0.1 port 1723
rdr on $ext_if proto gre from any to ($ext_if) -> 10.0.0.1
pass in quick on $ext_if proto 47 from any to 10.0.0.1 keep state
pass in quick on $ext_if proto { tcp, udp } from any to 10.0.0.1 port 1723 keep state
Marcos Biscaysaqu ThePacific.net
Tihomir Ganev wrote:
Hi pf,
How do I adjust my pf.conf and connect to the VPN server?
VPNserver <- OpenBSD 3.5 + NAT <- myPc
The default policy is:
block in log all
block out log all
nat on rl0 from <users> to any tag users -> ($ext_if:0)
pass out on $ext_if proto tcp all tagged users modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
Ethereal says that packets are dropped by rule 0 and 1
Best regards T.Ganev
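Added example, not part of the original thread: a small Python check that reads pass rules like the ones quoted in the question and reports which of the protocols named in the reply (50 for IPsec, TCP plus 47/GRE for PPTP) no pass rule covers in a given direction. It assumes a default-block policy as in the question, ignores addresses, ports, tags and rule order, and the helper names `passed_protocols` and `missing_for` are hypothetical.

```python
import re

# Added example; helper names are illustrative. (keyword, IP protocol number)
REQUIRED = {
    "IPsec": [("esp", "50")],
    "PPTP": [("tcp", "6"), ("gre", "47")],
}

# Constructed sample: the default policy and pass rules quoted in the question.
ASKER_RULES = """\
block in log all
block out log all
pass out on $ext_if proto tcp all tagged users modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
"""

PROTO_RE = re.compile(r"\bproto\s+(\{[^}]*\}|\S+)")


def passed_protocols(ruleset, direction):
    """Collect protocol tokens named by pass rules for one direction."""
    passed = set()
    for line in ruleset.splitlines():
        tokens = line.split("#", 1)[0].split()
        if not tokens or tokens[0] != "pass":
            continue
        # 'pass on ...' with no in/out keyword applies to both directions.
        if tokens[1:2] and tokens[1] in ("in", "out") and tokens[1] != direction:
            continue
        match = PROTO_RE.search(" ".join(tokens))
        if match is None:
            passed.add("any")  # no 'proto' clause: rule matches every protocol
        else:
            passed.update(re.split(r"[\s,]+", match.group(1).strip("{} ")))
    return passed


def missing_for(ruleset, vpn, direction):
    """Return the protocol keywords `vpn` needs that no pass rule covers."""
    passed = passed_protocols(ruleset, direction)
    if "any" in passed:
        return []
    return [name for name, number in REQUIRED[vpn]
            if name not in passed and number not in passed]


if __name__ == "__main__":
    for vpn in REQUIRED:
        print(vpn, "out: missing", missing_for(ASKER_RULES, vpn, "out"))
```

Run against the quoted rules, it reports `gre` missing for PPTP and `esp` missing for IPsec in the outbound direction, which is traffic the `block out log all` default would then drop and log.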
