From: "Bjoern A. Zeeb"
To: Przemyslaw Szczygielski
Cc: freebsd-net@freebsd.org
Date: Mon, 16 Jan 2006 10:37:37 +0000 (UTC)
Subject: Re: NAT over IPSECed WLAN
List-Id: Networking and TCP/IP with FreeBSD

On Mon, 16 Jan 2006, Przemyslaw Szczygielski wrote:

Hi,

> Well, for me the config is so complex, that I doubt anyone will
> waste time on going into my config files, but, well... There's
> always hope...
>
> It's about FreeBSD 6.0 "Gateway", which routes WLAN connected
> stations to the Internet through NAT. I want IPSEC between WLAN
> interfaces of "Gateway" and "Clients".
....

The only thing I can say up to now is "works here" so there is hope
though the setup here is a bit more complicated (more interfaces,
more ipsec, etc.. ;-).

> I have attached my config files: ipsec.conf, natd.conf, racoon.conf
> and rc.firewall.rules (please don't ask me why do I have ssh on 5901...)

The attachments got removed for the mailing list posting. I don't know
if you really want to reveal all the details to public.

> If you can tell me, what went wrong I'd be very grateful. And I will
> surely write a detailed HOWTO for future generations... ;-)

What firewall are you using? ipfw?

In case you may want to contact me offlist feel free to do so.

--
Bjoern A. Zeeb    bzeeb at Zabbadoz dot NeT