Date: Sun, 21 Jan 2001 19:35:40 -0500 From: "Cambria, Mike" <mcambria@avaya.com> To: "'cjclark@alum.mit.edu'" <cjclark@alum.mit.edu>, The Babbler <bts@babbleon.org> Cc: freebsd-ipfw@FreeBSD.ORG Subject: RE: IPSEC tunnelling Message-ID: <3A6D367EA1EFD4118C9B00A0C9DD99D7064AE8@rerun.lucentctc.com>
FYI -- I'm doing it now. If you can read this it works with the following
high-level setup:
I'm using IPSec tunnel mode, with ESP, but no authentication. I'm also not
using AH.
I'm also using FreeBSD 4.2-Stable (3.4-Stable didn't work for me; upgrading
to 4.2 now does).
MikeC

Michael C. Cambria
Avaya Inc. (former Enterprise Networks Group of Lucent Technologies)
300 Baker Avenue, Concord, Massachusetts 01742
Voice: (978) 287-2807
Fax: (978) 381-6415
Internet: mcambria@avaya.com
-----Original Message-----
From: Crist J. Clark [mailto:cjclark@reflexnet.net]
Sent: Sunday, January 21, 2001 2:24 AM
To: The Babbler
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: IPSEC tunnelling
On Sun, Jan 21, 2001 at 12:40:37AM -0500, The Babbler wrote:
>
> I realize that the official charter of this group is to work on the
> *new* firewall code, and I'm working at RELEASE, which doesn't qualify,
> but I have tried freebsd-questions and been met with overwhelming
> silence, and this seems to me to be the closest group, so I hope you
> folks will be willing to indulge me. And pointing me at the doc is more
> than fine. I've tried searching the www.freebsd.org site, but didn't
> find anything relevant there. Of course I can't recall any occasion
> when I ever have . . .
>
> Anyway, I'm trying to get my FreeBSD gateway/firewall machine set up so
> that it will allow my wife's VPN access to work; this requires IPSEC
> packets to get through.
>
> Has anybody done this? Any helpful hints?
Yes, I have done it. But it depends on the VPN implementation. NAT,
the basic concept, not natd(8), just plain breaks some aspects of
IPSEC. If the VPN you are trying to use enforces a policy that will
not work through NAT... it won't work through NAT. Do you know what
the policies of the VPN are? What do the logs on the client (which you
should have access to) and the server (which you may not have access
to) look like?
--
Crist J. Clark
cjclark@alum.mit.edu
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
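Crist's remark that NAT "just plain breaks some aspects of IPSEC" and Mike's report that ESP tunnel mode without AH does get through come down to what each protocol's integrity check covers. The following Python example is added here and is not code from either poster: it models the AH and ESP integrity check value (ICV) over a minimal IPv4 header and shows that a NAT source-address rewrite invalidates AH while leaving ESP intact; the key, addresses, SPI and payload bytes are constructed placeholders.

```python
import hashlib
import hmac
import struct

# Constructed demo values; none of these come from the thread.
KEY = b"constructed-demo-key"
PRIVATE_SRC, PUBLIC_SRC, VPN_SERVER = "192.168.1.10", "203.0.113.7", "198.51.100.20"
IPPROTO_ESP, IPPROTO_AH = 50, 51

def _addr(dotted):
    return bytes(int(octet) for octet in dotted.split("."))

def ipv4_header(src, dst, proto, ttl=64, total_len=80):
    """Minimal 20-byte IPv4 header; the header checksum is left zero for the demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                       _addr(src), _addr(dst))

def ah_icv(ip_hdr, payload):
    """AH (RFC 2402): the ICV covers the IP header too, with only mutable fields zeroed."""
    hdr = bytearray(ip_hdr)
    hdr[8] = 0                # TTL changes at every hop: excluded
    hdr[10:12] = b"\x00\x00"  # header checksum is recomputed per hop: excluded
    return hmac.new(KEY, bytes(hdr) + payload, hashlib.sha1).digest()[:12]

def esp_icv(esp_body):
    """ESP (RFC 2406): the ICV covers only the ESP header and payload, never the outer IP header."""
    return hmac.new(KEY, esp_body, hashlib.sha1).digest()[:12]

def plain_router(ip_hdr):
    """A router on the path: decrements TTL and touches nothing else."""
    return ip_hdr[:8] + bytes([ip_hdr[8] - 1]) + ip_hdr[9:]

def nat_gateway(ip_hdr):
    """A NAT gateway: decrements TTL and rewrites the private source address."""
    hdr = plain_router(ip_hdr)
    return hdr[:12] + _addr(PUBLIC_SRC) + hdr[16:]

def ah_verifies_after(hop):
    """Sender computes the AH ICV, the packet crosses `hop`, the receiver recomputes it."""
    payload = b"\x00" * 40  # constructed stand-in for the AH header and inner packet
    sent_hdr = ipv4_header(PRIVATE_SRC, VPN_SERVER, IPPROTO_AH)
    icv = ah_icv(sent_hdr, payload)
    return hmac.compare_digest(icv, ah_icv(hop(sent_hdr), payload))

def esp_verifies_after(hop):
    """Same exchange with ESP: the outer header may change, the ICV input does not."""
    esp_body = struct.pack("!II", 0x1000, 1) + b"\x00" * 32  # SPI, sequence, ciphertext
    icv = esp_icv(esp_body)
    hop(ipv4_header(PRIVATE_SRC, VPN_SERVER, IPPROTO_ESP))  # only the outer header is rewritten
    return hmac.compare_digest(icv, esp_icv(esp_body))
```

A plain TTL decrement leaves AH valid because TTL is a mutable field the ICV skips; only the address rewrite breaks it. ESP survives the rewrite, but it carries no port numbers for a NAT to map flows by, which is the remaining practical obstacle.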