Re: Howto set up a L2TP/IPsec VPN Dial-In Server (Part I to
obsigna said:
b0ba said:
... I can not reach any other PC in the network. It seems PF blocks packets outside of the VPN server, but it does not. What can be the reason?
Is the IPsec server listening on the WAN interface, i.e. before NAT? In that case, consider putting it behind NAT.
Yes, IPsec is listening on the WAN interface. I have em0 - WAN, em1 - LAN. What is the advantage if I put it behind NAT? In any case I have to forward the IPsec ports to it, or am I wrong?
I have this line.
Check whether the firewall allows any traffic on the ng* interfaces. I have no experience with pf; I use ipfw(8), and the respective rule for this is:
Code:
... /sbin/ipfw -q add 50 allow ip from any to any via ng* ...
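The pf counterpart of that ipfw rule, as an added example that is not part of any post in this thread: pf can match on an interface group instead of listing ng0, ng1, ... one by one, and on FreeBSD an ng_iface(4) interface is placed in the group named after its driver ("ng") when it is created, so one rule covers every tunnel mpd5 brings up, including ones numbered higher than the last name you listed. The group membership is an assumption to confirm on the box with `ifconfig ng0` (look for a `groups: ng` line) before relying on it; `$ext_if` is a placeholder for the WAN interface.

```pf
# pf.conf fragment (added example, not from the thread).
ext_if = "em0"

# What the L2TP/IPsec server must accept on the outside: IKE (udp/500),
# NAT-Traversal (udp/4500) and ESP. L2TP itself (udp/1701) travels inside
# the IPsec transport and does not need a rule of its own here.
pass in quick on $ext_if proto udp from any to ($ext_if) port { 500, 4500 }
pass in quick on $ext_if proto esp from any to ($ext_if)

# One rule for the whole "ng" interface group instead of pass quick on ng0,
# pass quick on ng1, ... Assumption: mpd5's ng_iface(4) interfaces are
# members of the "ng" group (check with: ifconfig ng0).
pass quick on ng all
```

Syntax-check the file with `pfctl -nf /etc/pf.conf` before loading it, and after a client connects compare `pfctl -sr` with `ifconfig ng0` to confirm the group rule is the one the tunnel interface actually hits.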
I have:
Code:
# There is a better way to do this with ifconfig groups - you're welcome to try getting
# mpd5 to do that!
pass quick on ng0 all
pass quick on ng1 all
pass quick on ng2 all
pass quick on ng3 all
pass quick on ng4 all
pass quick on ng5 all
I have tried disabling PF altogether, with the same result, maybe only slightly different lines in tcpdump. With pf enabled I have:
Code:
16:04:39.409825 IP 192.168.221.31.52357 > 192.168.221.5.ssh: Flags [S], seq 2764170046, win 8192, options [mss 1240,nop,wscale 2,nop,nop,sackOK], length 0
16:04:39.409857 IP 192.168.221.5.ssh > 192.168.221.31.52357: Flags [R.], seq 0, ack 2764170047, win 0, length 0
16:04:40.000318 IP 192.168.221.31.52357 > 192.168.221.5.ssh: Flags [S], seq 2764170046, win 8192, options [mss 1240,nop,wscale 2,nop,nop,sackOK], length 0
16:04:40.000349 IP 192.168.221.5.ssh > 192.168.221.31.52357: Flags [R.], seq 0, ack 1, win 0, length 0
16:04:40.574235 IP 192.168.221.31.52357 > 192.168.221.5.ssh: Flags [S], seq 2764170046, win 8192, options [mss 1240,nop,nop,sackOK], length 0
16:04:40.574258 IP 192.168.221.5.ssh > 192.168.221.31.52357: Flags [R.], seq 0, ack 1, win 0, length 0
16:04:47.608413 IP 192.168.221.31.52358 > 192.168.221.5.ssh: Flags [S], seq 1881090481, win 8192, options [mss 1240,nop,wscale 2,nop,nop,sackOK], length 0
16:04:47.608450 IP 192.168.221.5.ssh > 192.168.221.31.52358: Flags [R.], seq 0, ack 1881090482, win 0, length 0
16:04:48.187196 IP 192.168.221.31.52358 > 192.168.221.5.ssh: Flags [S], seq 1881090481, win 8192, options [mss 1240,nop,wscale 2,nop,nop,sackOK], length 0
16:04:48.187219 IP 192.168.221.5.ssh > 192.168.221.31.52358: Flags [R.], seq 0, ack 1, win 0, length 0
16:04:48.768865 IP 192.168.221.31.52358 > 192.168.221.5.ssh: Flags [S], seq 1881090481, win 8192, options [mss 1240,nop,nop,sackOK], length 0
16:04:48.768887 IP 192.168.221.5.ssh > 192.168.221.31.52358: Flags [R.], seq 0, ack 1, win 0, length 0
where 192.168.221.31 is the IP from mpd5 and 192.168.221.5 is another Linux server in the same LAN.
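A small parser for the capture above, as an added example that is not part of any post in this thread. The point it makes is the one that matters when deciding whether pf is in the way: a SYN that gets no answer is consistent with a silent firewall drop (or a missing return route), whereas a SYN answered by an RST, as every SYN in the capture is, reached something that answers for 192.168.221.5 and refused it (its TCP stack, or a REJECT-with-reset rule), which is not what a pf `block` does. The sample input is constructed from the tcpdump lines in the post; `parse_capture`, `classify_flows`, `verdict` and `report` are names chosen here.

```python
import re
from collections import OrderedDict

# Constructed sample input: the tcpdump lines from the post above, copied verbatim.
CAPTURE = """\
16:04:39.409825 IP 192.168.221.31.52357 > 192.168.221.5.ssh: Flags [S], seq 2764170046, win 8192, options [mss 1240,nop,wscale 2,nop,nop,sackOK], length 0
16:04:39.409857 IP 192.168.221.5.ssh > 192.168.221.31.52357: Flags [R.], seq 0, ack 2764170047, win 0, length 0
16:04:40.000318 IP 192.168.221.31.52357 > 192.168.221.5.ssh: Flags [S], seq 2764170046, win 8192, options [mss 1240,nop,wscale 2,nop,nop,sackOK], length 0
16:04:40.000349 IP 192.168.221.5.ssh > 192.168.221.31.52357: Flags [R.], seq 0, ack 1, win 0, length 0
16:04:40.574235 IP 192.168.221.31.52357 > 192.168.221.5.ssh: Flags [S], seq 2764170046, win 8192, options [mss 1240,nop,nop,sackOK], length 0
16:04:40.574258 IP 192.168.221.5.ssh > 192.168.221.31.52357: Flags [R.], seq 0, ack 1, win 0, length 0
16:04:47.608413 IP 192.168.221.31.52358 > 192.168.221.5.ssh: Flags [S], seq 1881090481, win 8192, options [mss 1240,nop,wscale 2,nop,nop,sackOK], length 0
16:04:47.608450 IP 192.168.221.5.ssh > 192.168.221.31.52358: Flags [R.], seq 0, ack 1881090482, win 0, length 0
16:04:48.187196 IP 192.168.221.31.52358 > 192.168.221.5.ssh: Flags [S], seq 1881090481, win 8192, options [mss 1240,nop,wscale 2,nop,nop,sackOK], length 0
16:04:48.187219 IP 192.168.221.5.ssh > 192.168.221.31.52358: Flags [R.], seq 0, ack 1, win 0, length 0
16:04:48.768865 IP 192.168.221.31.52358 > 192.168.221.5.ssh: Flags [S], seq 1881090481, win 8192, options [mss 1240,nop,nop,sackOK], length 0
16:04:48.768887 IP 192.168.221.5.ssh > 192.168.221.31.52358: Flags [R.], seq 0, ack 1, win 0, length 0
"""

# tcpdump's default TCP line: "<timestamp> IP <src>.<port> > <dst>.<port>: Flags [<flags>], ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_capture(text):
    """Yield (timestamp, (src_host, src_port), (dst_host, dst_port), flags) per TCP line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a TCP line in tcpdump's default format; ignore
        src = tuple(m.group("src").rsplit(".", 1))  # last dotted field is the port
        dst = tuple(m.group("dst").rsplit(".", 1))
        yield m.group("ts"), src, dst, m.group("flags")


def classify_flows(text):
    """Count, per connection attempt, the SYNs sent and the kind of reply seen.

    The key is (client endpoint, server endpoint) taken from the SYN; replies
    are matched by the reversed pair. Retransmitted SYNs add to the same entry.
    """
    flows = OrderedDict()
    for _ts, src, dst, flags in parse_capture(text):
        if flags == "S":  # pure SYN: a new or retried connection attempt
            flows.setdefault((src, dst), {"syn": 0, "synack": 0, "rst": 0})["syn"] += 1
            continue
        key = (dst, src)  # everything else is checked as a reply to a known SYN
        if key not in flows:
            continue
        if "R" in flags:  # RST or RST-ACK: active refusal
            flows[key]["rst"] += 1
        elif "S" in flags and "." in flags:  # SYN-ACK: handshake answered
            flows[key]["synack"] += 1
    return flows


def verdict(counts):
    """Map the counters of one attempt to what they say about where it failed."""
    if counts["synack"]:
        return "SYN-ACK received: the handshake completes, so any block is later in the session"
    if counts["rst"]:
        return ("RST received: the SYN reached something answering for the server "
                "(its TCP stack, or a REJECT-with-reset rule); not a silent pf drop")
    return "no reply: consistent with a silent firewall drop or a missing return route to the client"


def report(text):
    """One summary line per connection attempt in the capture."""
    lines = []
    for (client, server), counts in classify_flows(text).items():
        lines.append("%s:%s -> %s:%s  syn=%d synack=%d rst=%d  %s" % (
            client[0], client[1], server[0], server[1],
            counts["syn"], counts["synack"], counts["rst"], verdict(counts)))
    return lines


if __name__ == "__main__":
    for line in report(CAPTURE):
        print(line)
```

To feed it a live capture instead of the embedded sample, pipe `tcpdump -ni ng0 -l tcp` (and, separately, the same on em1) into the parser; seeing the SYN on ng0 but not on em1, or the RST on em1 but not on ng0, tells you which side of the VPN server the packets are lost or answered on.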