From: Adrian Close (adrianesec.com.au)
Date: Fri Feb 02 2001 - 00:58:02 CST

    On Thu, 1 Feb 2001, Dean Carey wrote:

    > I am perhaps stupidly stuck at the moment! I have created a successful
    > VPN tunnel to my OBSD firewall and want to access an FTP server on the
    > internal LAN (or mail server for that matter). However I cannot unless I
    > change my rules to ipf.open to test the problem. Any advice on what I am
    > missing in my rule base to permit VPN traffic to act as if it was on the
    > internal LAN?

    All IPSEC traffic (unless you're playing with some of the more funky
    features) travels via the 'enc0' interface.

    So, if you're happy that your IPSEC config/policy doesn't expose you to
    IPSEC traffic sourced from nasty people, then you can just "pass in on
    enc0" and "pass out on enc0" (depending of course on how your ruleset is
    laid out).

    Also, if you "ifconfig enc0 up", then you can "tcpdump -i enc0" to see
    what is going on.

    Hope this helps.

    Adrian Close email: adrianesec.com.au
    Network Architect phone: +61 3 8371 5300
    eSec Limited fax: +61 3 8371 5399
    "Protecting your e-business..." web: http://www.esec.com.au
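
An ipf ruleset fragment illustrating the caveat in the reply above, added here as an example and not part of the original message: instead of a bare "pass in on enc0", it passes tunnel traffic only between the expected subnets. The interface name `xl0`, the gateway addresses and both subnets are constructed placeholders, not values from the thread.

```conf
# Constructed example values (assumptions, not from the thread):
#   xl0             external interface of the OpenBSD firewall
#   192.0.2.1       this firewall's external address
#   198.51.100.7    remote VPN peer
#   192.168.1.0/24  internal LAN (FTP and mail servers)
#   10.0.2.0/24     network behind the remote peer

# External interface: accept key exchange (UDP 500) and ESP
# only from the known peer.
pass in on xl0 proto udp from 198.51.100.7/32 port = 500 to 192.0.2.1/32 port = 500
pass out on xl0 proto udp from 192.0.2.1/32 port = 500 to 198.51.100.7/32 port = 500
pass in on xl0 proto esp from 198.51.100.7/32 to 192.0.2.1/32
pass out on xl0 proto esp from 192.0.2.1/32 to 198.51.100.7/32

# enc0 sees the tunnel traffic in cleartext. ipf applies the last
# matching rule, so block everything on enc0 first, then pass only
# the subnets the IPsec policy is meant to connect.
block in on enc0 all
block out on enc0 all
pass in on enc0 from 10.0.2.0/24 to 192.168.1.0/24
pass out on enc0 from 192.168.1.0/24 to 10.0.2.0/24
```

Traffic that still fails to reach the internal servers can be compared against these rules with the "tcpdump -i enc0" check mentioned in the reply.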