L2TP VPN Terror on FreeBSD LAN to LAN Router
(no NATD, no IPFW NAT)
NAT traversal does not work ?????
Info:
No connection with the iPhone to the internet via my NAT FreeBSD 11 server (additionally as an access point), and it works successfully only with the port forwarding option.
Only the VPN via my iPhone is not working.
Internet connection, WLAN ... everything works.
Error via tcpdump:
Code:
19:40:46.154667 IP 192.168.8.109 > XXX.XXX.XXX.XXX: ICMP 192.168.8.109 udp port sae-urn unreachable, length 36
19:40:46.154682 IP 192.168.8.109 > XXX.XXX.XXX.XXX: ICMP 192.168.8.109 udp port sae-urn unreachable, length 36
ipfw show:
Code:
00096 57713 28895748 allow ip from any to any
65535 0 0 deny ip from any to any
LAN:
Code:
re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=82099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether 94:c6:91:1d:d7:9d
	inet 192.168.8.106 netmask 0xffffff00 broadcast 192.168.8.255
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
	inet 127.0.0.1 netmask 0xff000000
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo
wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=200001<RXCSUM,RXCSUM_IPV6>
	ether 18:31:bf:56:ce:52
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>
	status: running
	ssid BSDWAN channel 1 (2412 MHz 11g ht/20) bssid 18:31:bf:56:ce:52
	regdomain FCC country US authmode WPA2/802.11i privacy MIXED
	deftxkey 3 AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 30 scanvalid 60
	protmode CTS ht20 ampdulimit 64k ampdudensity 16 shortgi -stbc wme
	dtimperiod 1 -dfs
	groups: wlan
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 02:67:3e:d6:99:00
	inet 192.168.1.211 netmask 0xffffff00 broadcast 192.168.1.255
	nd6 options=1<PERFORMNUD>
	groups: bridge
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: wlan0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 3 priority 128 path cost 69204
	member: re0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 1 priority 128 path cost 200000
Config:
Code:
net.inet.ip.fw.dyn_keep_states: 0
net.inet.ip.fw.dyn_keepalive: 1
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_max: 16384
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.enable: 1
net.inet.ip.fw.static_count: 2
net.inet.ip.fw.default_to_accept: 0
net.inet.ip.fw.tables_sets: 0
net.inet.ip.fw.tables_max: 128
net.inet.ip.fw.default_rule: 65535
net.inet.ip.fw.verbose_limit: 0
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.one_pass: 1