Date:      Sun, 08 Nov 2009 18:48:23 +0100
From:      Eric Masson <emss@free.fr>
To:        "Bjoern A. Zeeb" <bz@FreeBSD.org>
Cc:        freebsd-net@freebsd.org, vanhu <vanhu@FreeBSD.org>
Subject:   Re: IPSec, nat on enc device
Message-ID:  <863a4o52mw.fsf@srvbsdnanssv.interne.kisoft-services.com>
In-Reply-To: <86tyxp6vfh.fsf@srvbsdnanssv.interne.kisoft-services.com> (Eric Masson's message of "Sat, 24 Oct 2009 10:35:46 +0200")
References:  <861vkzlula.fsf@srvbsdnanssv.interne.kisoft-services.com> <9a542da30910190707q7eb173d9xf9085d220a213db1@mail.gmail.com> <86eiozjt6p.fsf@srvbsdnanssv.interne.kisoft-services.com> <20091019200549.GA9766@zeninc.net> <864opuk0e6.fsf@srvbsdnanssv.interne.kisoft-services.com> <20091020174351.T5956@maildrop.int.zabbadoz.net> <86tyxp6vfh.fsf@srvbsdnanssv.interne.kisoft-services.com>

Eric Masson <emss@free.fr> writes:

Hi Bjoern,

> Ok, I've never used ipfw so shot in the dark.
>
> If I had to nat 192.168.85.0/24 to 10.0.0.1 to access 192.168.201.0/24,
> I would have to set up the following:
>
> ipfw add divert natd all from 192.168.85.0/24 to 192.168.201.0/24 in
> natd -alias_address 10.0.0.1
> setkey -c << EOD
> spdadd 10.0.0.1/32 192.168.201.0/24 any -P out ipsec
> 	esp/tunnel/mygw-theirgw/require ;
> spdadd 192.168.201.0/24 10.0.0.1/32 any -P in ipsec
> 	esp/tunnel/theirgw-mygw/require ;
> EOD
>
> Does it seem reasonable or am I missing something?

Seems I am missing something, as tests don't work at all.

Could you elaborate on incoming NAT & IPsec, please?

Regards

-- 
 I received an e-mail about a sick little boy. I forwarded it to
 everyone I knew. I'm told it's a trap for suckers.
 Is that true? Am I really as dumb as my wife claims?
 -+-C in GNU - The hardest part of marriage is getting out of it alive -+-


