Friday, May 18, 2007

Ports that a Windows VPN needs opened on the firewall

I recently switched to a FreeBSD firewall, so I had to set up the ports myself. At first I took the lazy route and used bidirectional NAT; this was the NAT setting in pf.conf:
# use binat when the VPN can't be made to work
binat on $ext_if from $vpn_ip to any -> $ext_vpn_ip
I found VPN servers and firewall configuration (English version: VPN servers and firewall configuration), which states it clearly:
TCP port 1723
UDP port 500、1701、4500
IP protocols 47 and 50
Here are the settings in pf.conf:
# NAT for the VPN
nat on $ext_if from $vpn_ip to any -> $ext_vpn_ip
# port forwarding for the VPN
rdr on $ext_if proto tcp from any to $ext_vpn_ip port 1723 -> $vpn_ip port 1723
rdr on $ext_if proto udp from any to $ext_vpn_ip port 1701 -> $vpn_ip port 1701
rdr on $ext_if proto {47, 50} from any to $ext_vpn_ip -> $vpn_ip
rdr on $ext_if proto udp from any to $ext_vpn_ip port 4500 -> $vpn_ip port 4500
rdr on $ext_if proto udp from any to $ext_vpn_ip port 500 -> $vpn_ip port 500
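For reference, here is the same setup written out as a complete pf.conf fragment. This is an added example, not the original post's configuration; the interface name and the two addresses are placeholders, and the pass rules are included because rdr only rewrites the destination and does not by itself admit the packet through a default-deny filter.

```pf
# Added example (not from the original post). Interface and addresses are
# placeholders; replace them with your own.
ext_if     = "em0"            # external interface (assumed name)
ext_vpn_ip = "203.0.113.10"   # public address reserved for the VPN (placeholder)
vpn_ip     = "192.168.1.10"   # internal Windows VPN server (placeholder)

# Ports from the Microsoft article:
#   PPTP       = TCP 1723 + GRE (IP protocol 47)
#   L2TP/IPsec = UDP 500 (IKE), 4500 (NAT-T), 1701 (L2TP) + ESP (IP protocol 50)
vpn_udp_ports = "{ 500, 1701, 4500 }"

# Outbound NAT for the VPN server only (instead of a binat for the whole host)
nat on $ext_if from $vpn_ip to any -> $ext_vpn_ip

# Inbound redirection. When no target port is given, pf keeps the original
# port, so one rule with a port list covers all three UDP ports.
rdr on $ext_if proto tcp from any to $ext_vpn_ip port 1723 -> $vpn_ip port 1723
rdr on $ext_if proto udp from any to $ext_vpn_ip port $vpn_udp_ports -> $vpn_ip
rdr on $ext_if proto { 47, 50 } from any to $ext_vpn_ip -> $vpn_ip

# Default deny on the external interface
block in on $ext_if all

# Admit only the redirected VPN traffic. Translation happens before
# filtering, so the filter rules see $vpn_ip as the destination.
pass in on $ext_if proto tcp from any to $vpn_ip port 1723 flags S/SA keep state
pass in on $ext_if proto udp from any to $vpn_ip port $vpn_udp_ports keep state
pass in on $ext_if proto { 47, 50 } from any to $vpn_ip keep state
```

Compared with the binat shortcut, this exposes only the listed ports and protocols of the VPN server rather than the entire host; check the file with `pfctl -nf /etc/pf.conf` before loading it.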
