Re: Upgrade from 2.9 to 3.0 broke my vpn connection

[Jason Haag <jason@macrosys.com>]

It might have been helpful if you posted your old rules
(ipf.rules/ipnat.rules) and the new confs (pf.conf/nat.conf).

Other than that, have you tried a recent snapshot, just to see if there
might be a problem in 3.0-release? I had a problem with net-net VPNs between
2.9-stable and 3.0-stable boxes, and the 2/23 snapshot of 3.0 fixed that.

If you are trying to connect via PPTP, make sure you allow the GRE protocol
(IP 47, I think).

HTH,
Jason

-----Original Message-----
From: Gary S MacKay [mailto:gary@edisoninfo.com] 
Sent: Tuesday, March 12, 2002 8:44 PM
To: misc@openbsd.org
Subject: Upgrade from 2.9 to 3.0 broke my vpn connection


I upgraded my 2.9 box to 3.0 and love it save one thing. I can no longer 
connect to my client's vpn's. I was able to connect from my W2k box out 
through my 2.9 box into their Netopia R910 firewall/router. Since I've 
upgraded, it gets to the verifying username/password and hangs for awhile 
then times out. I've monitored the pflog0 device and do not see any 
'blocks'. I had ipf running on the 2.9 box and now use the new pf command. 
I've translated, (I think) all of my rules to the new PF but no luck. It 
really is pretty straight forward, block all in and allow all out. I don't 
have any web/email/etc/ stuff behind it.

Where else can I look? Is this possible in the new version?

- Gary



Edison Information Technologies                 www.EdisonInfo.com
P.O. Box 554                                    Gary@EdisonInfo.com
Milan, OH 44846-0554                               419.499.7040