Date:      Thu, 07 Apr 2005 10:44:51 -0700
From:      Tom Skeren <tms3@fsklaw.com>
To:        John Mok <jmok@attglobal.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: FreeBSD Firewall + NAT Traversal + IPsec
Message-ID:  <42557193.9090509@fsklaw.com>
In-Reply-To: <42556B7E.5030703@attglobal.net>
References:  <42555C87.7030700@attglobal.net> <425550E6.3080005@fsklaw.com> <42556B7E.5030703@attglobal.net>

John Mok wrote:

> Dear Tom,
>
> Thank you for your quick reply.
>
> I would like to know more on the issue. To my understanding, since the 
> source address of the IP packet from the client would be modified on 
> the NAT, normally it would fail AH check on the IPsec VPN gateway, or 
> the FreeBSD NAT has built-in compliance with RFC3947?

Yeah, that's correct, and I don't think traversal is supported in FBSD.  
However, you might be able to use ipsec and racoon to tunnel the NAT to 
the vpn.  I don't know what device is at the other end of the tunnel.  I 
have a 7-office WAN tunneled with FreeBSD gateways.  Works real spiffy.  
You might look into that option.

>
> Thank you,   John Mok
>
>
> Tom Skeren wrote:
>
>> John Mok wrote:
>>
>>> Hi,
>>>
>>> I'm new to FreeBSD. Is it possible to make a FreeBSD box with firewall 
>>> + NAT, such that client PC(s) from the NATed internal network could 
>>> connect to a VPN gateway on the Internet :-
>>>
>>>  client PC ----- FreeBSD Firewall + NAT ---- Internet ---- IPsec VPN gateway
>>>  192.168.x.x/16                                            (e.g. Checkpoint FW-1)
>>>  (VPN client)
>>>
>>> I hope someone could help to advise what software is required on the 
>>> FreeBSD box to make NAT traversal work and where to get the HOWTO(s)?
>>
>>
>>
>> Should be no problem.
>>
>> <http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html>
>>
>>
>>>
>>> Thanks a lot.
>>>
>>> John Mok
>>>
>>> _______________________________________________
>>> freebsd-net@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>>
>>
>
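The point John raises above (a NAT rewriting the source address breaks AH's integrity check) is worth seeing concretely. The following is an added illustration, not code from the thread or from FreeBSD: a toy packet model in which the AH ICV is an HMAC over the immutable IP header fields plus payload, while the ESP ICV covers only the ESP payload. Source NAT of an AH packet invalidates its ICV at the VPN gateway; the same NAT leaves an ESP ICV intact, which is why NAT-T (RFC 3947 for the IKE negotiation, RFC 3948 for UDP encapsulation of ESP) is built on ESP rather than AH. The key, addresses and payload are constructed sample values; the UDP port 4500 encapsulation that lets a NAPT track the flow is not modelled, only the ICV behaviour.

```python
"""Toy model: why AH fails under source NAT while ESP's ICV survives it.

Added example for the thread above, not part of the original post.
Simplifications (assumptions): the AH ICV is an HMAC over src, dst and
payload; the ESP ICV is an HMAC over the payload only; keys are static.
"""
import hashlib
import hmac
from dataclasses import dataclass, replace

# Constructed demo key; real IPsec SAs derive keys via IKE, never hard-code.
KEY = b"constructed-demo-key"
ICV_LEN = 12  # truncated HMAC, as in HMAC-SHA-96 style ICVs


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "AH" or "ESP"
    payload: bytes
    icv: bytes = b""


def ah_icv(src: str, dst: str, payload: bytes) -> bytes:
    """AH: the ICV covers immutable IP header fields, including the
    source address, so any rewrite of src changes the expected value."""
    data = src.encode() + b"|" + dst.encode() + b"|" + payload
    return hmac.new(KEY, data, hashlib.sha256).digest()[:ICV_LEN]


def esp_icv(payload: bytes) -> bytes:
    """ESP: the ICV covers the ESP header/payload/trailer only; the outer
    IP header is outside its scope, so NAT cannot invalidate it."""
    return hmac.new(KEY, payload, hashlib.sha256).digest()[:ICV_LEN]


def build(proto: str, src: str, dst: str, payload: bytes) -> Packet:
    """Sender side: compute the ICV appropriate to the protocol."""
    if proto == "AH":
        icv = ah_icv(src, dst, payload)
    elif proto == "ESP":
        icv = esp_icv(payload)
    else:
        raise ValueError(f"unknown proto {proto!r}")
    return Packet(src, dst, proto, payload, icv)


def source_nat(pkt: Packet, public_ip: str) -> Packet:
    """The FreeBSD NAT box rewrites the private source to its public IP."""
    return replace(pkt, src=public_ip)


def verify(pkt: Packet) -> bool:
    """Receiver side (VPN gateway): recompute the ICV and compare."""
    if pkt.proto == "AH":
        expected = ah_icv(pkt.src, pkt.dst, pkt.payload)
    else:
        expected = esp_icv(pkt.payload)
    return hmac.compare_digest(expected, pkt.icv)


def demo(proto: str) -> tuple:
    """Returns (verifies_without_nat, verifies_after_nat) for a protocol."""
    # Constructed addresses: RFC 1918 client, documentation-range gateway/NAT.
    pkt = build(proto, "192.168.1.10", "203.0.113.5", b"tunnel data")
    natted = source_nat(pkt, "198.51.100.1")
    return verify(pkt), verify(natted)


if __name__ == "__main__":
    for proto in ("AH", "ESP"):
        direct, behind_nat = demo(proto)
        print(f"{proto}: direct={direct} behind_nat={behind_nat}")
```

Run as a script it prints that AH verifies only without NAT while ESP verifies in both cases. The defender-side takeaway for the setup in the thread is to check that the gateway's policy uses ESP (with NAT-T enabled on both ends) rather than AH for clients expected to sit behind a NAT.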



