VPN Nat issue on 4.8
Hi all,
Hope to post my question in the right place. I've upgraded my 2 fw from 4.6 -> 4.7 -> 4.8. Now I have a problem with a VPN that uses NAT to reach the remote site. With the 4.6 version everything worked fine, but after the upgrade and the NAT rule conversion the VPN came up and runs, but I retrieve a lot of errors in the daemon log.

My ipsec.conf is the following (it's the same that I used in the 4.6 version): Quote:
My pf.conf is the following: Code:
    lan1 = "172.16.1.0/24"
    lan2 = "172.29.128.96/27"
    lan3 = "172.20.44.224/27"
    lan4 = "172.20.43.192/27 "
    lanremote="10.0.0.0/8"
    natvpn= "172.16.196.16/28"
    fwremote= public ip address remote
    intvpn= my public ip address

    match out on enc0 from { $lan1, $lan2, $lan3, $lan4 } to $lanremote nat-to $natvpn source-hash

    #VPN section
    pass in quick on $ext inet proto udp from $fwremote to $intvpn port 500
    pass out quick on $ext inet proto udp from $intvpn to $fwremote port 500
    #
    #
    pass in quick on $ext inet proto esp from $fwremote to $intvpn
    pass out quick on $ext inet proto esp from $intvpn to $fwremote

    # ENC0 VPN interface
    #################################################################################
    #
    block in on enc0 all
    block out on enc0 all
    block return-rst in on enc0 proto tcp all
    block return-rst out on enc0 proto tcp all
    #
    #
    pass in quick on enc0 proto ipencap from $fwremote to $intvpn
    pass out quick on enc0 proto ipencap from $intvpn to $fwremote
    #
    #
    #
    pass out quick on enc0 inet proto { udp, tcp, icmp } from $natvpn to $lanremote
    pass in quick on enc0 inet proto { udp, tcp, icmp } from $lanremote to $natvpn

The errors I retrieve periodically in the daemon log are: Quote:
I know that my ipsec.conf seems strange because I put the LAN IP address and not the NAT IP to create the tunnel, but with 4.6 it worked fine. The only rule that I used and have now removed in 4.8 is: Code:
    no nat on $ext from $natvpn to $lanremote

Any help will be very appreciated. Thank you in advance.

Last edited by J65nko; 11th April 2011 at 04:01 PM. Reason: [code] and [/code], [quote] and [/quote] tags added