Date:      Thu, 13 Nov 2003 12:46:24 -0500
From:      Vincent Goupil <vgoupil@alis.com>
To:        "'freebsd-ipfw@freebsd.org'" <freebsd-ipfw@freebsd.org>, "'freebsd-net@freebsd.org'" <freebsd-net@freebsd.org>, "'freebsd-isp@freebsd.org'" <freebsd-isp@freebsd.org>
Subject:   IPSec VPN & NATD (problem with alias_address vs redirect_address)
Message-ID:  <F7D4BDA0E5A1D14B99D32C022AEB7366FE109C@alis-2k.alis.domain>

I set up a firewall with ipfw2 and natd on FreeBSD 4.9 release.

I have mapped my subnet with alias_address.
I have mapped 4 private IP addresses with 4 public IP addresses.

Everything is working fine (web, email, ftp, etc.) for outgoing and
incoming connections for anyone on my network.

With this configuration, 5 people at a time (on my network) could dial to
the same VPN server:
4 with different IPs and the one with the alias_address.  I suppose that
only one person at a time can use the alias_address with the IPSec VPN (I
think, tell me if I'm wrong).

I have authorized AH and ESP to pass through my firewall.
Also incoming UDP 500.

I'm able to use the VPN for the people mapped with alias_address.
I can't use the VPN with the people using the redirect_address.

Is there any problem with the redirect_address directive with natd for the
protocol 51 and 51?

Is there any other way to have these 5 people communicate to the same VPN
server at the same time?
I thought that I could use the redirect_address to do that.  So the incoming
connection to the VPN server appears from a different source IP address.

Vincent Goupil
Administrateur réseau / Network administrator


