Issues Using Forticlient behind an OpenBSD Firewall to connect to a Fortigate IPSEC VPN Server

From: Stephen J. Bevan
Date: Tuesday, July 10, 2007 - 11:08 pm

Siju George writes:
 > All outbound TCP, UDP and ICMP traffic from the LAN is let out through PF.
 > 
 > I am able to connect to another Fortigate IPSEC VPN Server on the
 > Internet using Forticlient on the same XP system but no data
 > communication happens between them.
 > 
 > I tried connecting from a network that is not firewalled by OpenBSD
 > and the VPN connection to the same Fortigate Server is working fine
 > and I am able to access the internal machines.
 > 
 > Is there any other traffic I should allow other than TCP, UDP, ICMP on
 > the firewall to connect and pass traffic between the Fortigate VPN
 > server and the XP system using Forticlient?

You didn't indicate whether the OpenBSD 4.0 is doing NAPT for your XP
box or you have a binat setup.  If NAPT then you must enable NAT
traversal on the FortiGate.  If you have set up a binat then you have
the choice of enabling NAT traversal on the FortiGate or modifying pf
to allow ESP (protocol 50) in and out.
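The two cases in the reply above, written out as a pf.conf fragment.  This is an added illustration, not a ruleset posted in the thread, and it uses the nat/binat syntax of pf as it was in OpenBSD 4.0 (the rule syntax changed in 4.7).  Interface names, the 192.168.1.0/24 LAN, the XP host at 192.168.1.10 and the two external addresses are made-up placeholders.  The underlying point is that ESP is its own IP protocol (50), so a ruleset that passes only TCP, UDP and ICMP silently drops the encrypted data packets even though the IKE exchange on UDP 500 succeeds; enabling NAT traversal on the FortiGate makes the client wrap ESP in UDP 4500, which the existing UDP rules already let through.

```conf
# Added example: pf.conf fragment for a FortiClient IPsec client behind OpenBSD 4.0 pf.
# All names and addresses below are placeholders chosen for this example.
ext_if   = "fxp0"
int_if   = "fxp1"
lan_net  = "192.168.1.0/24"
xp_host  = "192.168.1.10"     # the XP box running FortiClient
ext_addr = "203.0.113.2"      # spare public address used only for the binat case

# Case 1: plain NAPT for the whole LAN.
# Every LAN host shares the firewall's own address, so the FortiGate
# cannot see the client's real address and raw ESP cannot be mapped back
# to the XP host.  Nothing to add here; NAT traversal must be enabled on
# the FortiGate, and the IPsec data then travels as UDP/4500, which the
# generic UDP pass rule below already allows.
nat on $ext_if from $lan_net to any -> ($ext_if)

# Case 2: one-to-one binat for the XP host instead of NAPT.
# The XP box now owns $ext_addr on the outside, so either enable NAT
# traversal on the FortiGate (as in case 1), or let raw ESP through.
# Uncomment the binat line and the two ESP rules for this variant.
#binat on $ext_if from $xp_host to any -> $ext_addr

block log all

# Outbound TCP/UDP/ICMP from the LAN (what the original ruleset allowed).
# IKE (UDP/500) and NAT-T (UDP/4500) are covered by the UDP rule.
pass in  on $int_if proto { tcp udp icmp } from $lan_net to any keep state
pass out on $ext_if proto { tcp udp icmp } from any to any keep state

# ESP is IP protocol 50, not TCP/UDP/ICMP, so it needs its own rules.
# Only needed for the binat case without NAT traversal; harmless otherwise.
#pass in  on $int_if proto esp from $xp_host to any keep state
#pass out on $ext_if proto esp from $ext_addr to any keep state
#pass in  on $ext_if proto esp from any to $ext_addr keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it.  To confirm that ESP was what the firewall was dropping, the `block log all` rule above sends blocked packets to pflog0, where `tcpdump -n -i pflog0 ip proto 50` shows any raw ESP being discarded while the tunnel appears "connected" on the client.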

Messages in current thread:
Re: Issues Using Forticlient behind an OpenBSD Firewall to ..., Peter N. M. Hansteen, (Tue Jul 3, 6:00 am)
Issues Using Forticlient behind an OpenBSD Firewall to con ..., Stephen J. Bevan, (Tue Jul 10, 11:08 pm)