[vpn-help] Policy configuration

Michael Ragusa michael.ragusa at ai.net
Tue Mar 14 04:31:30 CST 2006


Matthew Grooms wrote:

> Michael Ragusa wrote:
>
>> Matthew Grooms wrote:
>>
>> FreeBSD lance.ai.net 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #0: Sun 
>> Feb 12 17:46:15 EST 2006     ainet@:/usr/obj/usr/src/sys/ROUTER  i386
>>
>> my pf rules are
>> # IPSEC options
>> pass in quick proto esp from any to any
>> pass in quick proto ah from any to any
>> pass in quick proto ipencap from any to any
>> pass in quick proto udp from any to any port = 4500
>> pass in quick proto udp from any port = 500 to any port = 500
>> pass in quick on gif0 from any to any
>> pass out quick proto esp from any to any
>> pass out quick proto ah from any to any
>> pass out quick proto ipencap from any to any
>> pass out quick proto udp from any to any port = 4500
>> pass out quick proto udp from any port = 500 to any port = 500
>> pass out quick on gif0 from any to any
>>
>> the esp packets get sent from the client but nothing comes back from 
>> the gateway
>>
>
> Ahh, I am a FreeBSD/pf man myself :) I would add something like ...
>
> # allow remote vpn clients to the office
> pass quick from 10.246.37.0/24 to 10.246.38.0/24 keep state
>
> # allow the office to remote vpn clients
> pass quick from 10.246.38.0/24 to 10.246.37.0/24 keep state
>
> and then reload the ruleset. Let me know how it goes.
>
> -Matthew
>
>
>
Dude, fucking awesome, it works. Thank you so much for your help. :) Keep
up the good work. :)
I added those pf rules and deleted those other SPD policies like you
said :) Works great now.



