On Thu, Nov 11, 2004 at 03:53:50PM -0800, the unit calling itself Tihomir Ganev
wrote:
>
> How do I adjust my pf.conf and connect to the VPN server?
>
> VPNserver <- OpenBSD 3.5 + NAT <- myPc
>
> default policy is
> Block in log All
> Block out log All
>
> nat on rl0 from <users> to any tag users -> ($ext_if:0)
>
> pass out on $ext_if proto tcp all tagged users modulate state flags S/SA
> pass out on $ext_if proto { udp, icmp } all keep state
>
> Ethereal says that packets are dropped by rules 0 and 1
>
I use a Cisco VPN client to connect to my "corporate" network from home
(where I use OBSD 3.5 & pf). I've never been able to get this to work.
However, I do seem to recall a thread here a few months ago that this
problem was to be resolved in 3.6 with the addition of something called
"NAT-T". I haven't had time to upgrade to 3.6, or even do any further
research on this, so I may be out in left field.
HTH,
Jay