
ISAKMP Packets not arriving



	I am trying to get my VPN working through my OpenBSD firewall.  I
wish to connect the laptop client with the server on the Internet.  I
have tested the client connectivity by connecting the laptop directly
to my ISP, and it worked fine.  However, with the firewall in between,
it is not working, even when I set the rules to:

pass in from any to any
pass out from any to any

Here is my setup:

 ISP <--> pppoe <--> tun0 <--> nat <--> ipf <--> 192.168.x.x

	Pretty basic.  Nonetheless, when monitoring port 500 traffic I see
the packets going out, but none ever come back.  Reading RFC2408 (not
all of it :-) doesn't seem to give me any solid clue as to why the
packets don't come back.  However, I'm using NAT and the source address
and port number are part of the SA hash - could that be the problem?
Has anyone gotten a similar config to work?  Were there any special
considerations?  This is Nortel's Extranet - does that change anything?


	Thanks,

/|/|ike


