IPFW HELP: iPhone > L2TP VPN / IPFW / HostAP / FreeBSD 11 System -> no access

MrX86


L2TP VPN Terror on FreeBSD LAN to LAN Router

(no NATD, no IPFW NAT)


NAT traversal does not work?????

Info:

No connection
with the iPhone to the Internet via
my NAT FreeBSD 11 server (additionally acting as an access point);
it works successfully only with the port forwarding option.


Only the VPN via my iPhone is not working.

Internet connection, WLAN .... everything works.




Error via tcpdump:
Code:
19:40:46.154667 IP 192.168.8.109 > XXX.XXX.XXX.XXX: ICMP 192.168.8.109 udp port sae-urn unreachable, length 36
19:40:46.154682 IP 192.168.8.109 > XXX.XXX.XXX.XXX: ICMP 192.168.8.109 udp port sae-urn unreachable, length 36



ipfw show:
Code:
00096 57713 28895748 allow ip from any to any
65535     0        0 deny ip from any to any



LAN:
Code:
re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=82099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
        ether 94:c6:91:1d:d7:9d
        inet 192.168.8.106 netmask 0xffffff00 broadcast 192.168.8.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=200001<RXCSUM,RXCSUM_IPV6>
        ether 18:31:bf:56:ce:52
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>
        status: running
        ssid BSDWAN channel 1 (2412 MHz 11g ht/20) bssid 18:31:bf:56:ce:52
        regdomain FCC country US authmode WPA2/802.11i privacy MIXED
        deftxkey 3 AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 30 scanvalid 60
        protmode CTS ht20 ampdulimit 64k ampdudensity 16 shortgi -stbc wme
        dtimperiod 1 -dfs
        groups: wlan
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:67:3e:d6:99:00
        inet 192.168.1.211 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=1<PERFORMNUD>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: wlan0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 69204
        member: re0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 200000



Config:
Code:
net.inet.ip.fw.dyn_keep_states: 0
net.inet.ip.fw.dyn_keepalive: 1
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_max: 16384
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.enable: 1
net.inet.ip.fw.static_count: 2
net.inet.ip.fw.default_to_accept: 0
net.inet.ip.fw.tables_sets: 0
net.inet.ip.fw.tables_max: 128
net.inet.ip.fw.default_rule: 65535
net.inet.ip.fw.verbose_limit: 0
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.one_pass: 1
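An added example (not from the post above, nor from FreeBSD or ipfw) that parses tcpdump ICMP port-unreachable lines like the two quoted in the post and tallies which host is rejecting which UDP port. The sample lines and the 203.0.113.5 address are constructed stand-ins for the masked public address; the mapping of sae-urn to 1701 (L2TP) follows the standard services list.

```python
import re
from collections import Counter

# Constructed sample lines, modelled on the tcpdump output quoted in the post
# (the public address is masked as XXX.XXX.XXX.XXX there; 203.0.113.5 is a
# documentation address used here as a stand-in). The last line is not a
# port-unreachable report and is ignored by the parser.
SAMPLE = """\
19:40:46.154667 IP 192.168.8.109 > 203.0.113.5: ICMP 192.168.8.109 udp port sae-urn unreachable, length 36
19:40:46.154682 IP 192.168.8.109 > 203.0.113.5: ICMP 192.168.8.109 udp port sae-urn unreachable, length 36
19:40:47.001200 IP 192.168.8.109 > 203.0.113.5: ICMP 192.168.8.109 udp port 4500 unreachable, length 36
19:40:47.100000 IP 192.168.8.106 > 203.0.113.5: ICMP host 10.0.0.9 unreachable, length 36
"""

# tcpdump prints service names from /etc/services; sae-urn is 1701/udp (L2TP).
# Only the names relevant to L2TP/IPsec traffic are mapped here.
SERVICE_PORTS = {"isakmp": 500, "sae-urn": 1701, "ipsec-nat-t": 4500}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP (?P<target>[\d.]+) "
    r"(?P<proto>udp|tcp) port (?P<port>\S+) unreachable, length (?P<len>\d+)$"
)

def parse_port_unreachable(line):
    """Return a dict for an ICMP port-unreachable line, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    port = m.group("port")
    number = int(port) if port.isdigit() else SERVICE_PORTS.get(port)
    return {
        "ts": m.group("ts"), "reporter": m.group("src"), "peer": m.group("dst"),
        "target": m.group("target"), "proto": m.group("proto"),
        "port_name": port, "port": number, "length": int(m.group("len")),
    }

def summarize(text):
    """Count port-unreachable reports per (reporting host, proto, port number)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_port_unreachable(line)
        if rec:
            counts[(rec["reporter"], rec["proto"], rec["port"])] += 1
    return counts

if __name__ == "__main__":
    for (host, proto, port), n in summarize(SAMPLE).most_common():
        print(f"{host} rejected {n} {proto}/{port} packet(s)")
```

Feed it `tcpdump -n -i re0 icmp` output to see at a glance whether the client is refusing bare L2TP (1701) or NAT-T (4500) datagrams.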