Re: PGPnet 7.0.2 and OpenBSD 2.7 VPN problems - getting there...
Well, I've made quite a bit of progress. Getting the newest isakmpd
from 2.7 patch-branch helped a lot.
I now can ping the external IP of the firewall over the VPN - I see this
when I do 'tcpdump -tni enc0'
fw# tcpdump -tni enc0
tcpdump: WARNING: enc0: no IPv4 address assigned
tcpdump: listening on enc0
(authentic,confidential): SPI 0x745bbe26: X.X.158.90 > Y.Y.135.254: \
ip-proto-4 78
(authentic,confidential): SPI 0x745bbe26: X.X.158.90 > Y.Y.135.254: \
ip-proto-4 78
(authentic,confidential): SPI 0x9ebe00ae: X.X.158.90 > Y.Y.135.254: \
ip-proto-4 60
(authentic,confidential): SPI 0x745bbe26: X.X.158.90 > Y.Y.135.254: \
ip-proto-4 78
[snip]
where X.X.158.90 = VPN client, and Y.Y.135.254 = the firewall.
However, now the problem that I'm seeing is when I try and connect
to a host in the subnet behind the firewall (Y.Y.134.0/24) I see
the following in my PGPnet logs:
"Incoming packet not secure - discarding". It's as if the firewall
is not encrypting packets coming back from the internal network
to the VPN client.
I have the following rules towards the top of the ipf.rules file:
pass in quick on enc0 all
pass out quick on enc0 all
Once I get this all worked out I'll post my results, config files, etc.
on a web page. I know I'm very close....
Thanks!
--
josh