This is a discussion on "Re: vpn cannot connected" within the IPFilter forums, part of the System Security and Security Related category.
On Tue, 6 Jul 2004, Shepherd wrote:

> I met the same problem, couldn't connect to a VPN server outside.
> But if I use bimap to bind an internet IP address to a private address, it can connect.
> The version is "IP Filter: v3.4.31 (336)".

You will need to let the GRE protocol through with a rule something like

    pass in quick on rl1 proto gre from any to any keep state

What you will also need to be aware of is if your kernel has GRE built into it. On the OpenBSD platform you need to remove GRE from the kernel if you will be running PPTP Service on that system.

Larry.

> ----- Original Message -----
> From: "sunjun" <sunjun@egotop.com>
> To: <ipfilter@coombs.anu.edu.au>
> Sent: Thursday, March 18, 2004 12:55 PM
> Subject: vpn cannot connected
>
> > hi,
> >
> > help, look at my ipf rules.
> >
> > rl1 is connected to our external
> > server, which runs mpd (vpn);
> > only permit vpn clients to connect in on rl1, deny all others,
> > but permit rl1 to go out.
> >
> > -----------------------
> > block in quick on rl1 all head 12
> > pass in quick on rl1 proto tcp from any to any port = 1723 keep state group 12
> > pass out quick on rl1 all keep state
> > -----------------------
> >
> > now, the vpn cannot connect,
> >
> > where is the error??
> >
> > all rules
> > -----------------
> > #block in quick all with frag
> > block in quick all with short
> > block in quick all with ipopts
> > block in quick all with opt lsrr
> > block in quick all with opt ssrr
> > block in proto icmp from any to any
> > pass out proto icmp from any to any keep state
> >
> > # Internet
> > block in quick on rl1 all head 12
> > pass in quick on rl1 proto tcp from any to any port = 1723 keep state group 12
> > pass out quick on rl1 all keep state
> >
> > # Intranet
> > pass in quick on rl0 proto tcp/udp from 172.16.1.10/32 to 172.16.1.7/32 port = 229
> > pass in quick on rl0 proto tcp/udp from 172.16.12.0/32 to 172.16.1.7/32 port = 229
> > pass in quick on rl0 proto tcp/udp from 172.16.1.67/32 to 172.16.1.7/32 port = 229
> > block in quick on rl0 proto tcp/udp from any to any port = 229
> > block in quick on rl0 proto tcp/udp from any to any port 136 >< 140
> > pass out quick on rl0 proto tcp/udp from 172.16.3.0/24 to 172.16.0.0/16 port 136 >< 140 keep state
> >
> > block in quick on rl0 proto tcp/udp from any to any port 6900 >< 7000
> > block in quick on rl0 proto tcp/udp from any to any port 7800 >< 7900
> > block in quick on rl0 proto tcp/udp from any to any port 8880 >< 9000
> >
> > block in quick on rl0 proto tcp/udp from any to any port = 25
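Added example, not from this thread or from IPFilter itself: a small Python model of ipf's rule evaluation (last match wins, `quick` stops evaluation, a matching `head` rule hands control to its group) run over the poster's "Internet" rules, showing that the TCP 1723 control connection is passed while GRE is caught by the `quick` block head rule until Larry's GRE rule is added to group 12. It evaluates only direction, interface, protocol and `port = N`; addresses and `with` options are assumed away, so it is a check on the PPTP rules, not a general ipf simulator.

```python
# Constructed input: the thread's "Internet" rules, plus Larry's GRE rule in the same group.
RULES_BEFORE = """
block in quick on rl1 all head 12
pass in quick on rl1 proto tcp from any to any port = 1723 keep state group 12
pass out quick on rl1 all keep state
"""
GRE_RULE = "pass in quick on rl1 proto gre from any to any keep state group 12\n"

def parse(text):
    """Parse the ipf rule subset used above (addresses are not evaluated)."""
    rules = []
    for t in filter(None, (line.split("#")[0].split() for line in text.splitlines())):
        r = {"action": t[0], "dir": t[1], "quick": "quick" in t}
        for key, field in (("on", "iface"), ("proto", "proto"), ("head", "head"), ("group", "group")):
            r[field] = t[t.index(key) + 1] if key in t else None
        r["port"] = int(t[t.index("=") + 1]) if "=" in t else None   # 'port = N'
        rules.append(r)
    return rules

def matches(r, pkt):
    return (r["dir"] == pkt["dir"] and r["iface"] in (None, pkt["iface"])
            and (r["proto"] is None or pkt["proto"] in r["proto"].split("/"))  # 'tcp/udp'
            and r["port"] in (None, pkt.get("port")))

def decide(rules, pkt):
    """ipf semantics: the last matching rule wins, 'quick' stops evaluation, and
    a matching 'head N' rule hands control to group N, which may override it."""
    groups, top = {}, []
    for r in rules:
        (groups.setdefault(r["group"], []) if r["group"] else top).append(r)
    verdict = ["pass"]                      # ipf's default if nothing matches
    def walk(lst):
        for r in lst:
            if not matches(r, pkt):
                continue
            verdict[0] = r["action"]
            if (r["head"] and walk(groups.get(r["head"], []))) or r["quick"]:
                return True
        return False
    walk(top)
    return verdict[0]

def pptp_allowed(ruleset, iface="rl1"):
    """PPTP needs both the TCP 1723 control channel and GRE (IP protocol 47)."""
    rules = parse(ruleset)
    ctl = decide(rules, {"dir": "in", "iface": iface, "proto": "tcp", "port": 1723})
    gre = decide(rules, {"dir": "in", "iface": iface, "proto": "gre"})
    return ctl == "pass" and gre == "pass"

print(pptp_allowed(RULES_BEFORE), pptp_allowed(RULES_BEFORE + GRE_RULE))  # False True
```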