Board index OpenBSD

can't get PPTP VPN working with ipfw & nat

can't get PPTP VPN working with ipfw & nat

Post by darksta » Sat, 03 May 2003 21:53:58



Here's the situation--I have a cable modem connected to my computer with
2 ethernet cards. I'm using ipfw & natd to do firewall and ip forwarding
duties. My girlfriend's computer can connect to the internet with no
problems, but she can't get her citrix vpn client to connect, even if I
change the firewall rules to this:

00100 divert 8668 ip from any to any via en1
00200 allow ip from 192.0.0.0/8 to any in
00300 allow ip from any to 192.168.150.0/24
00400 allow log ip from any to any

If she connects directly to the cable modem it works with no problem.

Anyone know what I'm missing here? The help desk at her employer says it
should work without 1 to 1 nat, but won't give me any specifics as they
only support their own hardware.

My private network address range is 192.168.150.1 (my machine) thru
192.168.150.10

TIA

--
Remove "X" from address to reply

 
 
 
Top

can't get PPTP VPN working with ipfw & nat

Post by erik » Sat, 03 May 2003 22:20:11



> Here's the situation--I have a cable modem connected to my computer
> with 2 ethernet cards. I'm using ipfw & natd to do firewall and ip
> forwarding duties. My girlfriend's computer can connect to the
> internet with no problems, but she can't get her citrix vpn client to
> connect, even if I change the firewall rules to this:

> 00100 divert 8668 ip from any to any via en1
> 00200 allow ip from 192.0.0.0/8 to any in
> 00300 allow ip from any to 192.168.150.0/24
> 00400 allow log ip from any to any

> If she connects directly to the cable modem it works with no problem.

> Anyone know what I'm missing here? The help desk at her employer says
> it should work without 1 to 1 nat, but won't give me any specifics as
> they only support their own hardware.

> My private network address range is 192.168.150.1 (my machine) thru
> 192.168.150.10

> TIA

In case you hadn't noticed: this newsgroup cannot answer you. It is all
about OpenBSD, and its own packetfilter pf. Of course pf is far
superior to ipfw so we, the group do not know anything about the lower
forms of life. ;-).

O, and pptp is something fundamentally different from citrix.

pptp uses tcp ports 1723 and protocol gre. citrix something else.

EJ
--
Remove the obvious part (including the dot) for my email address

 
 
 
Top

1. Trouble Getting VPN PPTP via NAT to work

2. Add small C99 named initializers to fs/bio.c

3. citrix vpn, ipfw & nat

4. TERM 1.0.9 is out.

5. Getting Linux PPTP-Client working with MS VPN server

6. Linux 2.4.21-pre7 acpi warning fix

7. Finding VPN Masquerade's IPSEC & PPTP kernel modules?

8. What's the matter with "clock -r [-w]"?

9. many many pptp vpn clients through debian fw/NAT

10. Getting NAT, IPFW, PPOE configured with RELEASE-4.1

11. VPN NAT && 2.4 kernel

12. pptp, natd & ipfw question

13. OpenBSD 2.9 (IPF & NAT) Firewall & Microsoft VPN problem


All times are UTC
Board index