Re: VPN client connectivity issues with OBSD firewall
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: Re: VPN client connectivity issues with OBSD firewall
- From: Suresh Myneni <mynenis_(_at_)_gmail_(_dot_)_com>
- Date: Sun, 29 May 2005 18:53:37 +0530
- Reply-to: Suresh Myneni <mynenis_(_at_)_gmail_(_dot_)_com>
The first machine I use to connect to the client's VPN server is
working fine. When the first VPN connection is active, and when I try
the second machine, the second machine is not able to connect to the
VPN server.
Is it something to do with the traffic routing in the private network
between the client machines and the router? Please advise.
Thanks,
SM
On 5/24/05, Joerg Sonnenberger <joerg_(_at_)_britannica_(_dot_)_bec_(_dot_)_de> wrote:
> On Tue, May 24, 2005 at 05:21:21PM +0530, Suresh Myneni wrote:
> > Hopefully someone will be able to help me with a VPN client
> > connectivity problem. Using Contivity VPN client on Windows 2k going
> > through OpenBSD 3.7 PF/NAT
>
> [skip]
>
> Check whether the VPN client can actually deal with NAT, since
> otherwise the remote host tries to reuse the connection of
> the first client. The IP it sees is identical after all.
>
> This is more an IPsec question and not so much a PF question.
>
> > # don't allow anyone to spoof non-routable addresses
> > block in quick on $ExtIF from $NoRouteIPs to any
> > block out quick on $ExtIF from any to $NoRouteIPs
>
> Check antispoof.
>
> > # and let out-going traffic out and maintain state on established connections
> > # pass out all protocols, including TCP, UDP and ICMP, and create state,
> > # so that external DNS servers can reply to our own DNS requests (UDP).
> > # ALSO ALLOW isakmp outgoing
>
> If you want to pass all outgoing traffic, why do you block it first?
> This prevents e.g. the use of gif, not sure if you really intend that.
>
> Joerg
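An added pf.conf fragment in OpenBSD 3.7-era syntax, written for this thread and not taken from either poster's ruleset: it swaps the hand-written $NoRouteIPs blocks for antispoof as Joerg suggests, and passes the IKE/ESP traffic the ruleset comments mention with state. $ExtIF, $IntIF and $IntNet are assumed macro names (the original post only shows $ExtIF and $NoRouteIPs); whether the Contivity client can use NAT-T is exactly the "can it deal with NAT" question raised above, and is not answered here.

```pf
# Added example, not from the original thread.  Interface names and the
# private LAN prefix are assumed values, not the poster's.
ExtIF  = "fxp0"
IntIF  = "fxp1"
IntNet = "192.168.1.0/24"

# NAT the private LAN behind the external address (3.7 syntax; OpenBSD 4.7
# and later express this as "match out on $ExtIF ... nat-to ($ExtIF)").
nat on $ExtIF from $IntNet to any -> ($ExtIF)

# Replaces the two manual "block ... $NoRouteIPs" rules: antispoof expands
# to block rules for the interface's own networks, dropping packets that
# arrive on $ExtIF claiming a source address that belongs behind it.
antispoof quick for $ExtIF
antispoof quick for $IntIF

# Default deny, then pass what is needed with state, so replies are matched
# by the state table instead of a separate "pass in" per protocol.
block all

# IKE (isakmp, UDP 500) from the VPN clients.  UDP carries ports, so PF can
# keep a distinct state entry for each client behind the single NAT address.
pass out on $ExtIF proto udp from any to any port 500 keep state

# NAT-T (RFC 3947/3948) carries ESP inside UDP 4500, which also has ports.
# Plain ESP (IP protocol 50) has none, so with two clients behind one NAT
# address the remote gateway sees a single peer and the NAT box cannot tell
# the two clients' return traffic apart; that is the "reuse the connection
# of the first client" symptom described above.  NAT-T only helps if both
# the client and the remote server support it.
pass out on $ExtIF proto udp from any to any port 4500 keep state

# Plain ESP: effectively usable by one client at a time behind this NAT.
pass out on $ExtIF proto esp from any to any keep state

# Everything else the LAN sends out, with state.
pass in  on $IntIF from $IntNet to any keep state
pass out on $ExtIF from ($ExtIF) to any keep state
```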