
IP protocol passage



	Here is my setup:

ISP <--> pppoe <--> ipnat <--> ipf <--> 192.168.x.x

	I have it all set up and running well with HTTP, newsgroups, mail,
etc.  However, I want to use my company's extranet as well.  In order to
do this, I need to be able to pass IP packets of type 50 & 51
(encapsulated security and authentication header, respectively).  To
make sure that I was doing everything correctly, I left them out of my
IPF rules and tried to connect my VPN, expecting to see the failed
packets via ipmon.  However, no packets appeared and the VPN connection
timed out.  Next, I loaded a "pass all both ways" ruleset to ipf
(briefly), and tried to connect that way - another timeout.  It appears
that either pppoe or ipnat is failing to pass these packets.  Is there
a compilation flag or setting that I need to use?

	Any help appreciated.


/|/|ike


