Having some problems with two hardware VPN devices (a SonicWall and a Linksys) connecting through the OpenBSD 3.7 pf/NAT firewall (just one at this end).
It appears that the isakmp communication is fine. The state table shows:
-----------------------------
self udp remote_vpn_ip:500 <- private_vpn_ip.1:500 MULTIPLE:MULTIPLE
self udp private_vpn_ip:500 -> local_public_ip:62370 -> remote_vpn_ip:500 MULTIPLE:MULTIPLE
-----------------------------
And every once in a while there will also be:
-----------------------------
self esp remote_vpn_ip <- private_vpn_ip NO_TRAFFIC:SINGLE
-----------------------------
Do any of these sysctl.conf items need to be changed from the default to support this?
-----------------------------
#net.inet.esp.enable=0 # 0=Disable the ESP IPsec protocol
#net.inet.ah.enable=0 # 0=Disable the AH IPsec protocol
#net.inet.esp.udpencap=0 # 0=Disable ESP-in-UDP encapsulation
-----------------------------
Basic setup is:
-----------------------------
nat on $ext_if inet from $private_vpn_ip to $remote_vpn_ip -> $local_public_ip
-----------------------------
pass in on $private_vpn_if inet from $private_vpn_ip to $remote_vpn_ip keep state
-----------------------------
pass out on $ext_if from $private_vpn_ip to $remote_vpn_ip keep state
-----------------------------
Where $local_public_ip is an IP alias (valid, public, routable) on the $ext_if NIC.

Thanks for any assistance.

Chris

