Date:      Fri, 4 May 2001 15:44:56 -0700
From:      steve@Watt.COM (Steve Watt)
To:        questions@freebsd.org
Cc:        freebsd@hermans.ca
Subject:   Re: VPN solutions ... using IPSEC *AND* NAT
Message-ID:  <200105042244.f44MiuY92230@wattres.Watt.COM>
In-Reply-To: <000001c0d46e$2feb6160$6419a8c0@jamie>

In article <000001c0d46e$2feb6160$6419a8c0@jamie> freebsd@hermans.ca wrote:
>Has anyone been successful getting IPSEC and NAT to play nicely together?
>
>I'm currently using a PPP over SSH tunnel, but ideally would like to get
>something working that was not client -> server based as is with this PPP
>setup.
>
>Any pointers would be GREATLY appreciated.

Is the machine that's doing NAT the same as the machine doing IPsec?

If not, you'll have to arrange for IP protocol 50 to be passed (and
NATed) through your translator.  If your translator is some flavor
of router (don't remember which at the instant), opening UDP port
500 for ISAKMP will automagically redirect proto 50 and 51 (esp and
ah), but that isn't universal behavior.

Now, if someone wants to update libalias so it handles IPPROTO_ESP...

-- 
Steve Watt KD6GGD  PP-ASEL-IA          ICBM: 121W 56' 57.8" / 37N 20' 14.9"
 Internet: steve @ Watt.COM                         Whois: SW32
   Free time?  There's no such thing.  It just comes in varying prices...
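
The sketch below is an added example, not part of the message above and not libalias code. It shows what a translator can read from each packet type the reply mentions: ISAKMP on UDP 500 has ports to rewrite, while ESP (protocol 50) and AH (protocol 51) carry only an SPI. The function and enum names and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names, not libalias API: what a NAT finds in each packet kind. */
enum nat_need { NOT_IPSEC, IKE_UDP500, ESP_NO_PORTS, AH_NO_PORTS, NOT_FIRST_FRAGMENT, MALFORMED };
static uint32_t be32(const uint8_t *b)
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3];
}

/* Classify one IPv4 packet; for ESP/AH also return the SPI (there are no ports). */
enum nat_need classify_ipv4(const uint8_t *p, size_t len, uint32_t *spi)
{
    *spi = 0;
    if (len < 20 || (p[0] >> 4) != 4) return MALFORMED;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;          /* IP header length in bytes */
    if (ihl < 20 || len < ihl) return MALFORMED;
    if ((p[6] & 0x1f) || p[7]) return NOT_FIRST_FRAGMENT; /* offset != 0: no L4 header */
    const uint8_t *l4 = p + ihl;
    size_t l4len = len - ihl;
    switch (p[9]) {                                   /* IP protocol number */
    case 17:                                          /* UDP: source port, dest port */
        if (l4len < 8) return MALFORMED;
        return (((l4[0] << 8) | l4[1]) == 500 || ((l4[2] << 8) | l4[3]) == 500)
                   ? IKE_UDP500 : NOT_IPSEC;
    case 50:                                          /* ESP: SPI(4), sequence(4) */
        if (l4len < 8) return MALFORMED;
        *spi = be32(l4);
        return ESP_NO_PORTS;
    case 51:                                          /* AH: 4 bytes, then SPI(4), sequence(4) */
        if (l4len < 12) return MALFORMED;
        *spi = be32(l4 + 4);
        return AH_NO_PORTS;
    default: return NOT_IPSEC;
    }
}

/* Constructed sample: ESP between documentation addresses, checksum left zero. */
static const uint8_t sample_esp[] = {
    0x45,0,0,28, 0,0,0,0, 64,50,0,0, 192,0,2,1, 198,51,100,1,
    0x00,0x00,0x12,0x34, 0,0,0,1 };                   /* SPI 0x1234, sequence 1 */

int main(void)
{
    uint32_t spi;
    enum nat_need c = classify_ipv4(sample_esp, sizeof sample_esp, &spi);
    printf("ESP sample: class %d, SPI 0x%x\n", (int)c, (unsigned)spi);
    return 0;
}
```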
