I was just wondering if anyone has any experience connecting to outside VPNs from a network secured by an OpenBSD/pf firewall? Outgoing traffic is keep state but that doesn't work. There has to be more to it than just opening port 500. Maybe something to do with the way it randomizes outgoing source ports? Please help, as I am new to OpenBSD...
Re: VPN (IPSEC) Pass through
There probably will be more to it than opening port 500 for IKE (that's UDP 500 by the way).
Standard IPSEC connections also use protocols (_not_ ports) 50 & 51, so you may need to open that up. If instead you're using IPSEC NAT traversal, you will probably need to open up destination port UDP 4500 (maybe inbound as well).
Generally speaking, NAT & IPSEC go together like oil & water and various things depend on the implementation you're using. I'm not an OpenBSD expert, so sorry I can't be of more help. Good luck.
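The protocols and ports named in the reply above, written out as pf rules for a NAT gateway with an IPsec client behind it. This is an added example, not part of the original thread: the interface name, the LAN range and the use of OpenBSD 4.7+ `nat-to` syntax are assumptions, and `static-port` is the pf option that stops source-port rewriting, which is the behaviour the question asks about.

```pf
# pf.conf fragment (added example; all values below are assumptions)
ext_if  = "em0"               # assumed external interface
int_net = "192.168.1.0/24"    # assumed internal network with the VPN client

# Default on the outside interface: drop and log, so anything the VPN
# client still needs shows up on pflog0 (tcpdump -n -e -ttt -i pflog0).
block log on $ext_if

# IKE (UDP 500). pf normally rewrites the source port when it NATs;
# static-port keeps it at the client's original port, for peers that
# only accept IKE arriving from source port 500.
pass out on $ext_if inet proto udp from $int_net to any port 500 \
    nat-to ($ext_if) static-port keep state

# IPsec NAT traversal (UDP 4500). ESP is wrapped in UDP here, so the
# normal source-port rewriting is fine.
pass out on $ext_if inet proto udp from $int_net to any port 4500 \
    nat-to ($ext_if) keep state

# ESP is IP protocol 50, not a port. It has no port numbers, so the
# state entry is keyed on addresses only.
pass out on $ext_if inet proto esp from $int_net to any \
    nat-to ($ext_if) keep state

# AH (IP protocol 51) is left out on purpose: AH authenticates the IP
# header, so rewriting the source address breaks it.
# On a gateway that does not NAT, the equivalent rule would be:
#   pass out on $ext_if inet proto ah from $int_net to any keep state

# Rules for the internal interface are omitted; this fragment assumes
# traffic from $int_net is already allowed in on that side.
```

Load-test the file with `pfctl -nf /etc/pf.conf` before applying it; `-n` parses the rules without installing them.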