I have been encountering a bit of trouble getting a fileserver to establish a VPN to my local network. I do not have access to the machines at the moment, so my first question is this: do both machines need to have incoming access to ports 500/4500? I am trying to make the fileserver in question act somewhat like a road warrior (although NAT-T should not be needed) in the sense that it is firewalled off.
pf.conf should be irrelevant, as I have added "set skip on enc0" and "pass quick on $ext_if from x.x.x.x". Neither the network B gateway nor network B hosts are able to ping the fileserver and vice versa. Also, ipsecctl -sa shows normal SAD and FLOWS, so it doesn't seem to be a problem with establishing the connection. Here is the information I have at the moment. More to come if needed.

Fileserver: 1.2.3.4 (no incoming ports allowed, but not behind NAT)
Network B Gateway: 5.6.7.8
Network B: 192.168.1.0/24

Fileserver ipsec.conf:

    ike esp from 1.2.3.4 to 192.168.1.0/24 peer 5.6.7.8 psk password
    ike esp from 1.2.3.4 to 5.6.7.8 psk password

Network B Gateway ipsec.conf:

    ike passive esp from 192.168.1.0/24 to 1.2.3.4 psk password
    ike passive esp from 5.6.7.8 to 1.2.3.4 psk password
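A common reason for "SAs and flows look fine in ipsecctl -sa but nothing passes" is that the two ipsec.conf files do not describe mirror-image flows, or that both ends are passive so nobody initiates. The following is an added checking script, not part of the poster's setup or of OpenBSD itself; it parses only the subset of ipsec.conf(5) syntax used in the post (`ike [passive|active] esp from A to B [peer P] psk ...`, an assumption about the input) and reports flows that the other side does not mirror. The two configs from the post are embedded as sample input, together with a constructed, deliberately mismatched gateway config to show what a failure looks like.

```python
import re
from ipaddress import ip_network

# Assumption: only the "ike [passive|active] esp from A to B [peer P] psk ..." form
# seen in the post is supported; anything else raises so it is not silently ignored.
RULE_RE = re.compile(
    r"^ike\s+(?:(?P<mode>passive|active)\s+)?esp\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+peer\s+(?P<peer>\S+))?"
)

# Sample input: the two configurations quoted in the post.
FILESERVER_CONF = """
ike esp from 1.2.3.4 to 192.168.1.0/24 peer 5.6.7.8 psk password
ike esp from 1.2.3.4 to 5.6.7.8 psk password
"""
GATEWAY_CONF = """
ike passive esp from 192.168.1.0/24 to 1.2.3.4 psk password
ike passive esp from 5.6.7.8 to 1.2.3.4 psk password
"""
# Constructed (not from the post): a gateway config whose network flow does not
# mirror the fileserver's, the kind of typo that leaves one direction without a flow.
BAD_GATEWAY_CONF = """
ike passive esp from 192.168.0.0/24 to 1.2.3.4 psk password
ike passive esp from 5.6.7.8 to 1.2.3.4 psk password
"""


def parse_rules(text):
    """Return a list of (mode, src_net, dst_net, peer) for each ike line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported ipsec.conf line: {line!r}")
        src = ip_network(m.group("src"), strict=False)  # hosts become /32
        dst = ip_network(m.group("dst"), strict=False)
        # With no explicit peer the 'to' address is the peer (host-to-host case).
        peer = m.group("peer") or m.group("dst")
        rules.append((m.group("mode") or "active", src, dst, peer))
    return rules


def unmirrored_flows(local_text, remote_text):
    """Flows (src, dst) in local_text that remote_text does not declare as (dst, src)."""
    remote = {(src, dst) for _, src, dst, _ in parse_rules(remote_text)}
    return [(src, dst) for _, src, dst, _ in parse_rules(local_text)
            if (dst, src) not in remote]


def check_pair(conf_a, conf_b):
    """Return human-readable problems between two peers' ipsec.conf contents."""
    problems = [f"peer has no mirror of flow {s} -> {d}" for s, d in unmirrored_flows(conf_a, conf_b)]
    problems += [f"peer has no mirror of flow {s} -> {d}" for s, d in unmirrored_flows(conf_b, conf_a)]
    modes_a = {(s, d): m for m, s, d, _ in parse_rules(conf_a)}
    modes_b = {(s, d): m for m, s, d, _ in parse_rules(conf_b)}
    for (s, d), mode in modes_a.items():
        other = modes_b.get((d, s))
        if other == "passive" and mode == "passive":
            problems.append(f"both ends passive for flow {s} <-> {d}: nobody initiates")
    return problems


if __name__ == "__main__":
    print("post's configs:", check_pair(FILESERVER_CONF, GATEWAY_CONF) or "flows mirror correctly")
    for p in check_pair(FILESERVER_CONF, BAD_GATEWAY_CONF):
        print("constructed mismatch:", p)
```

Run against the post's two files the check reports nothing, so the flow definitions themselves are consistent; the remaining suspects are the pf rules on the external interface for IKE (UDP 500/4500) and ESP, which this script does not inspect.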

