pf with named (WAS RE: VPN with ADSL (dynamics IPs))

Like I said, I've never done VPN on OBSD, so I wasn't aware that they needed IPs not DNS names. (Is there a reason? It doesn't seem like it should be necessary, but what do I know...? :)

I have another question that's sorta related... I _do_ need to do packet filtering and NAT/rdr stuff. I have a nice pf.conf that does exactly what I want it to, but what I'd really love would be to be able to use the DNS names of hosts on our local network to resolve those things. I've tried writing the rdr lines using DNS names instead of IPs, and I when I reboot the firewall, I get a bunch of nasty messages that pfctl can't resolve the names. Then I read down a few more lines in the boot messages and I notice that named starts up after pfctl loads the rules, so it's easy enough to figure out why _those_ errors are coming up ;)

My question is, can you reorder those at startup so that named starts first? What file do you edit to do that? And is it safe to do that? (Will it likely break anything else in the bargain?)

And before you ask, we have the resources to run our local DNS server on a separate machine, but not the physical space, so that was out. DNS/DHCP/NAT/pf are all one box (though it's a 1.4 GHz Athlon w/ 512 MB of RAM and a 40 GB hard drive, so it's got plenty of brawn to handle the task :)

OpenBSD: keeping vulnerable Microsoft servers protected from the Internet for seven years and counting... :)

   -d

-----Original Message-----
From: David M. Smith [mailto:david.smith@ualberta.ca] Sent: Friday, January 31, 2003 2:11 PM
To: David Dinin; openbsd
Cc: misc
Subject: RE: VPN with ADSL (dynamics IPs)

I don't think that it's possible to setup the VPN using name service, you have
to specify IP's not names...

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related openbsd.org Links advocacy announce bugs ipv6 misc ports ports-changes security-announce smp source-changes tech Request more information about Pantek

>===== Original Message From David Dinin <DDinin@resourcecapitalgroup.com>