This is a discussion on VPNC and ipfilter within the IPFilter forums, part of the System Security and Security Related category.

Hi all,

I am using VPNC on my FreeBSD 6.1.
I have no problem starting vpnc, and my routing is working OK.
Interface tun0 is OK.

I have tested this:
-----------
# ipnat.rules:

map xl0 192.168.1.0/24 -> 0.0.0.0/32 proxy port 500 ipsec/udp
-----------
# ipf.rules:

pass out quick on tun0 proto tcp from any to any keep state
pass out quick on tun0 proto udp from any to any keep state
pass out quick on tun0 proto icmp from any to any keep state

pass in quick on tun0 proto tcp from any to any keep state
pass in quick on tun0 proto udp from any to any keep state
pass in quick on tun0 proto icmp from any to any keep state
----------
#ipf -V
ipf: IP Filter: v4.1.8 (416)
Kernel: IP Filter: v4.1.8
Running: yes
Log Flags: 0 = none set
Default: block all, Logging: available
Active list: 0
Feature mask: 0x10a

But still I can't connect to any host behind the VPN server.
Any suggestion why?

Regards
Jan
Jan Rockstedt wrote:
> Hi all,
>
> I am using VPNC on my FreeBSD 6.1.
> I have no problem starting vpnc, and my routing is working OK.
> Interface tun0 is OK.
>
> I have tested this:
> -----------
> # ipnat.rules:
>
> map xl0 192.168.1.0/24 -> 0.0.0.0/32 proxy port 500 ipsec/udp
> -----------
> # ipf.rules:
>
> pass out quick on tun0 proto tcp from any to any keep state
> pass out quick on tun0 proto udp from any to any keep state
> pass out quick on tun0 proto icmp from any to any keep state
>
> pass in quick on tun0 proto tcp from any to any keep state
> pass in quick on tun0 proto udp from any to any keep state
> pass in quick on tun0 proto icmp from any to any keep state
> ----------
> #ipf -V
> ipf: IP Filter: v4.1.8 (416)
> Kernel: IP Filter: v4.1.8
> Running: yes
> Log Flags: 0 = none set
> Default: block all, Logging: available
> Active list: 0
> Feature mask: 0x10a
>
>
> But still I can't connect to any host behind the VPN server.
> Any suggestion why?
>
> Regards
> Jan
>

Hi,

do your clients have a route back to the vpnc?
What does tcpdump give you?

HTH
Goetz