Difficulties establishing VPN tunnel with IPNAT

Jerahmy Pocott quakenet1 at optusnet.com.au
Sun Nov 25 10:59:19 PST 2007


On 26/11/2007, at 4:47 AM, Roger Olofsson wrote:
> Hello Jerahmy,
>
> Some progress it seems? Why not set it to allow gre from VPN server
> only? I.e. pass in quick on fxp1 proto gre from <vpn server ip> to any?
>
> The way you ask your question, 'make it work without static ip or  
> allowing all traffic', isn't that contradictory?
>
> As for the frag part, I'd say that if gre needs frag, then you will  
> have to enable it.
>
> About the CVS, I seem to have misunderstood your question. I
> assumed 10.0.0.2 wanted to receive CVS inbound and not serve it
> outbound, or am I mistaken again?
>
> /Roger

Yes, that is what I meant by 'static ip': I could allow all gre from
the specific ip address, but I would prefer that gre traffic be allowed
from a host only when an existing connection has been opened to it.

10.0.0.2 is a CVS server.

It seems to me that natd works better with ipsec.