
ANSWER...Re: VPN fails with firewall rules

From: ted jordan, jordanteam <ted(at)jordanteam.com>
Date: Sat Apr 19 2003 - 22:59:02 EDT

IT APPEARS that this line was really important

   pass in on enc0 all

we're rolling fine now...thanx much
ted

Hakan Olsson wrote:
> On Mon, 7 Apr 2003, ted jordan, jordanteam wrote:
>
>>   5) kill isakmpd
>
> ...
>
>> Is it necessary to use
>>
>>   pfctl -F all
>>   ipsecadm flush
>>
>> after every test?  Should I be flushing anything else?
>
> If you just kill (or kill -TERM) isakmpd, it will send DELETE
>
>> # VPN settings per "man vpn"
>> # VPN isakmpd features
>> pass in proto esp from $gatewB to $gatewA
>> pass out proto esp from $gatewA to $gatewB
>> pass in on enc0 from $netB to $netA
>> pass out on enc0 from $netA to $netB
>> pass out on $ExtIF proto udp from $gatewA port = 500 to $gatewB port = 500
>> pass in proto udp from $gatewB to $gatewA port=500
>> pass out proto udp from $gatewA to $gatewB port=500
>
> Looks pretty sane, although it may be that the enc0 rules need to permit
-- 
ted jordan, principal
JordanTeam Computing LLC
On-Demand Computing for Independent Business Professionals

ted@jordanteam.com
734 673 7426 p
216 767 1393 p
419 791 9678 f
http://jordanteam.com
Received on Sat Apr 19 23:02:52 2003
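The rule set this thread converges on, written out as an added pf.conf example; it is not Ted's or Hakan's own configuration. The macro names ($ExtIF, $gatewA, $gatewB, $netA, $netB) are taken from the quoted rules; the interface name and addresses are constructed placeholders, and the scoped enc0 rules at the end are an assumed tighter alternative to the catch-all line Ted reports as the fix.

```conf
# Added example (not the poster's pf.conf): OpenBSD 3.x-era pf rules for a
# gateway-to-gateway isakmpd VPN. Interface and addresses are placeholders.
ExtIF  = "fxp0"
gatewA = "192.0.2.1"          # this gateway's external address
gatewB = "198.51.100.1"       # peer gateway's external address
netA   = "10.1.0.0/16"        # subnet behind this gateway
netB   = "10.2.0.0/16"        # subnet behind the peer

block in log all

# IKE negotiation (isakmpd) on the external interface, UDP/500 both ways
pass in  on $ExtIF proto udp from $gatewB port = 500 to $gatewA port = 500
pass out on $ExtIF proto udp from $gatewA port = 500 to $gatewB port = 500

# Encrypted ESP packets between the two gateways on the external interface
pass in  on $ExtIF proto esp from $gatewB to $gatewA
pass out on $ExtIF proto esp from $gatewA to $gatewB

# After decryption the inner packets are seen again on enc0 and hit the
# block rule above unless explicitly passed there. The thread's fix was
# the catch-all form:
#   pass in on enc0 all
# The scoped rules below pass only the two tunnelled subnets, which is the
# narrower policy to prefer once the inner addresses are confirmed.
pass in  on enc0 from $netB to $netA
pass out on enc0 from $netA to $netB
```

Load with `pfctl -f /etc/pf.conf` and confirm with `pfctl -sr` that the enc0 rules are present; packets that still fail will show up under the `block in log all` rule on pflog0.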

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:48:38 EDT