On Thu, Jun 24, 2004 at 11:20:08AM -0400, Mark Pimentel wrote:
> Has anyone had any luck with getting a Nortel Contivity VPN client through the
> m0n0wall? Doesn't seem to work for me.

If you're using NAT, you need to allow in/outbound traffic between the VPN
endpoint and your internal host (the one that runs the VPN client) on ports
10001 and 500.

For example, a snippet of my firewall rules table:

    Proto   Source    Port    Destination   Port
    -------------------------------------------------------
    UDP     w.x.y.z   *       a.b.c.d       500
    UDP     w.x.y.z   *       a.b.c.d       10001
    UDP     a.b.c.d   500     w.x.y.z       *
    UDP     a.b.c.d   10001   w.x.y.z       *

Where a.b.c.d is the IP address of the other end of the VPN. This information
should be in the configuration settings of the VPN client software, and/or
your network admins should be able to provide it.

w.x.y.z is the IP address of your VPN client. This can be '*' if necessary.

N
-- 
FreeBSD: The Power to Serve      http://www.freebsd.org/               (__)
FreeBSD Documentation Project    http://www.freebsd.org/docproj/    \\\'',)
                                                                      \/  \ ^
   --- 15B8 3FFC DDB4 34B0 AA5F 94B7 93A8 0764 2C37 E375 ---          .\._/_)