|
OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
|||
OpenBSD, vpnc and packets forwarding problems
Hi,
I am building a simple router based on OpenBSD 4.5 installed on VMware Server 2.0.1 which should allow me to connect all my network hosts to a VPN. Because the VPN is a Cisco VPN I am using vpnc 0.5.3 (which I compiled with OpenSSL support). The connection to the VPN starts correctly and I receive all the networks present on the Cisco aggregator. From this point I have several problems: 1) I can not ping the interface tun0 (from OpenBSD), no way, also configuring PF to pass in all and out all. 2) I can not ping hosts in the VPN (from OpenBSD and all clients on my network) I premise that i have enabled net.inet.ip.forwarding (so set it to 1) and ATM there is no blocking rules on pf. here is my pf.conf file Code:
set skip on lo EXT = "tun0" # This is the vpnc connection INT = "vic0" # This is the VMware network card which is BRIDGED on the host network card LAN_clients = "192.168.0.0/24" nat on $EXT from $LAN_clients to any -> ($EXT) pass in all pass out all Does someone knows what wrong? Thank you for your help |
|
||||
Because security/vpnc is a userland implementation of IPSec, you must disable either one or two sysctls, per the installation message:
Code:
In order for vpnc to actually get any received IPsec packet, you have to disable ESP in your kernel like this: sysctl net.inet.esp.enable=0 If you are behind a NAT gateway, you have to disable UDP encapsulation as well: sysctl net.inet.esp.udpencap=0 http://marc.info/?l=openbsd-ports&w=2&r=1&s=vpnc&q=b |
|
|||
Thank you for your help jggimi,
I already did this and from the sysctl.conf file (so from the boot), it was my fault to not tell it on my previous post, sorry. If I do ifvonfig after vpnc get connected I see that: Code:
tun0: flags=51<UP,POINTTOPOINT,RUNNING> mtu 1412 priority: 0 groups: tun inet 192.168.20.75 --> 192.168.20.75 netmask 0xffffffff All sounds good, but once connected... nothing works |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
x11 forwarding over ssh not working | kasse | OpenBSD General | 14 | 23rd December 2008 02:21 PM |
port forwarding | ikevmowe | OpenBSD Security | 13 | 21st November 2008 06:03 PM |
VNC port forwarding help | revzalot | OpenBSD Security | 3 | 10th September 2008 06:59 AM |
Redirecting ESP packets | ales | OpenBSD Security | 2 | 15th June 2008 09:13 PM |
IPF: Packets Out Of Window | bram85 | FreeBSD Security | 9 | 2nd June 2008 04:09 PM |