From: Archie Cobbs
Message-Id: <199903182204.OAA94934@bubba.whistle.com>
Subject: Re: SKIP on 3.1
In-Reply-To: <19990318135512.B15602@orbit.flnet.com> from Charles Henrich at "Mar 18, 99 01:55:12 pm"
To: henrich@flnet.com (Charles Henrich)
Date: Thu, 18 Mar 1999 14:04:26 -0800 (PST)
Cc: freebsd-net@freebsd.org

Charles Henrich writes:
> I'm attempting to build a skip tunnel between two machines that are running
> IPFW+NAT ... So basically in pictures:
>
>
> 10.x <---> [IPFW+NAT] <---> The Internet <--> [IPFW+NAT] <---> 10.x
>
> I want to build a VPN between the two 10 networks... Any suggestions, points
> hints, RTFM's (which M? :) etc? Thanks!
>
> =====
>
> My problem is I can't see how to create a VPN link between the two 10 networks
> without going through the NAT translation, which would totally break the VPN
> software. Any ideas?

Don't use NAT at all, just do SKIP in tunnel mode and use the -f flag
to skiphost to make sure the source address for your packets is the
routable address and not the 10.x address.

If you *also* want address translation for the 10.x nets to reach
the outside world, this is do-able but takes some care (I've never
done it myself). See the notes in README.FreeBSD.

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com