Hi, has anyone run into a problem with access from the Internet to a corporate VPN server (WinServer2003) that sits behind NAT? The NAT is implemented with PF.
The rules include a permit for access to the VPN server:
rdr pass on $ext_if inet proto tcp from any to $ext_if port 1723 -> $vpn_serv port 1723
NAT rules:
nat on $ext_if tag INET tagged INET -> $ext_if
pass out quick on $ext_if inet tagged INET
pass in quick on $int_if from $lan to any tag INET
The VPN server logs show the following. It says that GRE is not getting through.
Description:
A connection between the VPN server and the VPN client xxx.xxx.xxx.xxx has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.
In short, I need help.
Thanks in advance.
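
Added example, not part of the original post: PPTP uses a TCP control channel on port 1723 plus GRE (IP protocol 47) for the tunnel data, so a PF ruleset that redirects only TCP/1723 produces exactly the log entry quoted above. The Python sketch below lints a ruleset for that gap; the interface name, server address and the `proto gre` redirect line are constructed assumptions, and the parser handles only single-protocol `rdr` rules.

```python
import re

# Constructed sample modelled on the rules in the post (macro values are placeholders).
POSTED = """
ext_if = "em0"
vpn_serv = "192.168.0.10"
rdr pass on $ext_if inet proto tcp from any to $ext_if port 1723 -> $vpn_serv port 1723
"""

# Same ruleset plus a GRE redirect to the same host (assumed fix, not from the post).
WITH_GRE = POSTED + "rdr pass on $ext_if inet proto gre from any to $ext_if -> $vpn_serv\n"


def expand_macros(text):
    """Substitute simple name = "value" macros and return the rule lines."""
    macros, rules = {}, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.fullmatch(r'(\w+)\s*=\s*"?([^"]*)"?', line)
        if m:
            macros[m.group(1)] = m.group(2)
        elif line:
            rules.append(re.sub(r"\$(\w+)",
                                lambda r: macros.get(r.group(1), r.group(0)), line))
    return rules


def pptp_gaps(text):
    """Return redirect targets that receive TCP/1723 but no GRE (IP protocol 47)."""
    control, gre = set(), set()
    for rule in expand_macros(text):
        m = re.match(r"rdr\b.*\bproto\s+(\S+)\b.*->\s*(\S+)", rule)
        if not m:
            continue  # not a single-protocol rdr rule; lists like { tcp, gre } are out of scope
        proto, target = m.group(1).lower(), m.group(2)
        if proto == "tcp" and re.search(r"\bport\s+(1723|pptp)\b.*->", rule):
            control.add(target)   # PPTP control channel is forwarded to this host
        elif proto in ("gre", "47"):
            gre.add(target)       # tunnel data is forwarded to this host
    return sorted(control - gre)


if __name__ == "__main__":
    print("posted rules, hosts missing GRE:", pptp_gaps(POSTED))
    print("with GRE redirect, hosts missing GRE:", pptp_gaps(WITH_GRE))
```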