Re: VPN Client (PPtP) behind OpenBSD 3.0 doing NAT..
On Thu, 14 Mar 2002 12:19:22 -0700
kjell@pintday.org hit the keyboard and punched:
> > I fought this for a few days too. I finally went back to
> > OpenBSD 2.9 which worked just fine. Maybe a future 3.x
> > version will work, don't know. I think it is a problem with
> > the pf program which just hasn't matured enough yet. I do
> > know that I liked the 3.0 version a lot better and swear it
> > was faster. Unfortunately, I have to have the vpn working
> > for my clients.
>
> Support for non-TCP/UDP/ICMP protocols (ie - GRE, ESP) was added after
> 3.0. I have fairly good success running a mid-january pf codebase
> on 3.0-stable for customers who need VPN..
Excuse me for bumping into your discussion, but this matter concerns me
too...
I had 2 OBSD 2.8 machines, which I am right now upgrading to 3.0-stable
(check... yes, make build is still running... ). The reason for upgrading
these is that I need to provide VPN connectivity for branch offices and
remote clients. I read somewhere that IPSec in 2.8 was bad. So ok, let's go
to 3.0.
But exactly what are you stating here? That GRE/ESP (needed for IPSec)
were added _after_ 3.0? Wasn't it in OpenBSD since 2.4 or something?
Does this mean that I cannot use IPSec with 3.0?
I'm a bit confused here, don't really know if this applies to me or not.
What I want to do is connect my branch offices using OpenBSD on my end
and an IPSec-enabled router/fw combo on the other end. For the remote
stand-alone clients, I think I should use L2TP or PPTP.
Which of these is affected and won't work?
I'd be glad if you could straighten things out for me...
Thanx.
--
Rickard
.--. .--.
.----------------------------------------. | | | | .-.
| Rickard Borgmäster | | | | |/ /
| doktorn@sub.nu | .-^ | .--. | <
| http://doktorn.sub.nu/ | ( o | ( () ) | |\ \
`----------------------------------------' `-----' `--' `--' `--'