OpenBSD Security
Help Enabling Cisco VPN Client Traffic on PF
At home I use the Cisco VPN client to remote into work. Can anyone PLEASE help me enable this type of traffic in PF?
Help is greatly appreciated. http://www.cisco.com/en/US/products/...308/index.html Thanks

```pf
# macros
EXT="pppoe0"
INT="re1"
INT_NET="{ 192.168.0.0/24 }"
TCP_PORTS = "{ www ssh }"
UDP_PORTS = 'domain'

# options
set block-policy drop
set skip on lo0

# translation and normalisation
nat on $EXT from $INT_NET -> ($EXT:0)
match on pppoe0 scrub (reassemble tcp max-mss 1440)

# filter rules
block log all
pass out on $EXT tagged OK
pass in on $INT inet proto tcp from $INT_NET to any port $TCP_PORTS tag OUT_OK
pass in on $INT inet proto udp from $INT_NET to any port $UDP_PORTS tag OUT_OK
```
I'm not sure I was sufficiently clear, so I'll try to add more information.
Per your pf.conf, all outbound traffic is currently permitted, regardless of source. But traffic inbound is only permitted on the internal network for a limited set of UDP and TCP destination ports. No inbound traffic from the external interface is permitted, unless applicable to an existing state.
Thanks for the reply.
I enabled ESP, UDP and AH but I still was not able to connect. (If I bypass OpenBSD it works fine.) I am not sure what else to do. EDIT: I just saw where you can monitor the firewall activity with

```sh
tcpdump -n -e -ttt -i pflog0
```
You did not post your revised pf.conf.
Do you have rdr-to rule(s) to redirect the incoming UDP traffic with destination UDP ports 500 and 4500 to your workstation running the Cisco VPN client? Are you passing traffic using protocols ESP and AH? http://en.wikipedia.org/wiki/NAT_tra...rsal_and_IPsec
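The rules the reply above asks about, assembled as an added pf.conf fragment for reference (my example, not the poster's or the replier's configuration), written in OpenBSD 4.7-or-newer syntax (match/nat-to and rdr-to). The interface names come from the thread; 192.168.0.10 as the VPN workstation and 203.0.113.5 as the corporate concentrator are assumed placeholders.

```pf
# Added example: IPsec pass-through for one Cisco VPN client behind a PF NAT
# gateway. Addresses marked "assumed" are placeholders, not values from the thread.
ext_if   = "pppoe0"
int_if   = "re1"
int_net  = "192.168.0.0/24"
vpn_host = "192.168.0.10"     # workstation running the Cisco VPN client (assumed)
vpn_gw   = "203.0.113.5"      # the corporate VPN concentrator (assumed placeholder)
ike_ports    = "{ 500 4500 }" # IKE (UDP 500) and NAT-Traversal (UDP 4500)
ipsec_protos = "{ esp ah }"

set block-policy drop
set skip on lo0

match in all scrub (reassemble tcp max-mss 1440)
match out on $ext_if from $int_net nat-to ($ext_if:0)

block log all

# Outbound from the client: IKE starts on UDP 500, moves to UDP 4500 once NAT
# is detected, and raw ESP/AH is used if NAT-T is not negotiated.
pass in  on $int_if inet proto udp from $vpn_host to $vpn_gw port $ike_ports
pass in  on $int_if inet proto $ipsec_protos from $vpn_host to $vpn_gw
pass out on $ext_if inet proto udp to $vpn_gw port $ike_ports
pass out on $ext_if inet proto $ipsec_protos to $vpn_gw

# Inbound: only the concentrator, and only on the IKE ports and IPsec protocols,
# is redirected to the client; all other unsolicited external traffic stays blocked.
pass in on $ext_if inet proto udp from $vpn_gw to ($ext_if:0) port $ike_ports rdr-to $vpn_host
pass in on $ext_if inet proto $ipsec_protos from $vpn_gw to ($ext_if:0) rdr-to $vpn_host
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then watch `tcpdump -n -e -ttt -i pflog0` while the client connects to see which of these rules, if any, still logs a block.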