[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ISAKMP Packets not arriving

	I am trying to get my VPN working through my OpenBSD firewall.  I
wish to connect the laptop client with the server on the Internet.  I
tested the client connectivity by connecting the laptop directly to my
and it worked fine.  However, with the firewall in between, it is not
working, even whenI set the rules to:

pass in from any to any
pass out from any to any

Here is my setup:

 ISP <--> pppoe <--> tun0 <--> nat <--> ipf <--> 192.168.x.x

	Pretty basic.  Nonetheless, when monitoring port 500 traffic I see
the packets going out, but none ever come back.  Reading RFC2408 (not
of it :-) doesn't seem to give me any solid clue as to why the packets
come back.  However, I'm using NAT and the source address and port
are part of the SA hash - could that be the problem?  Has anyone gotten
a similar config to work?  Were there any special considerations?  This
Nortel's Extranet - does that change anything?