Date: Sun, 21 Jan 2001 19:35:40 -0500
From: "Cambria, Mike" <mcambria@avaya.com>
To: "'cjclark@alum.mit.edu'" <cjclark@alum.mit.edu>,
    The Babbler <bts@babbleon.org>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: RE: IPSEC tunnelling
Message-ID: <3A6D367EA1EFD4118C9B00A0C9DD99D7064AE8@rerun.lucentctc.com>

FYI -- I'm doing it now. If you can read this it works with the following
high level setup:

I'm using IPSec tunnel mode, with ESP, but no authentication. I'm also not
using AH.

I'm also using FreeBSD 4.2-Stable (3.4-Stable didn't work for me; upgrading
to 4.2 now does)

MikeC

Michael C. Cambria
Avaya Inc.
Former Enterprise Networks Group of Lucent Technologies
Voice: (978) 287 - 2807      300 Baker Avenue
Fax: (978) 381 - 6415        Concord, Massachusetts 01742
Internet: mcambria@avaya.com <mailto:mcambria@avaya.com>

-----Original Message-----
From: Crist J. Clark [mailto:cjclark@reflexnet.net]
Sent: Sunday, January 21, 2001 2:24 AM
To: The Babbler
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: IPSEC tunnelling

On Sun, Jan 21, 2001 at 12:40:37AM -0500, The Babbler wrote:
>
> I realize that the official charter of this group is to work on the
> *new* firewall code, and I'm working at RELEASE, which doesn't qualify,
> but I have tried freebsd-questions and been met with overwhelming
> silence, and this seems to me to be the closest group, so I hope you
> folks will be willing to indulge me. And pointing me at the doc is more
> than fine. I've tried searching the www.freebsd.org site, but didn't
> find anything relevant there. Of course I can't recall any occasion
> when I ever have . . .
>
> Anyway, I'm trying to get my FreeBSD gateway/firewall machine set up so
> that it will allow my wife's VPN access to work; this requires IPSEC
> packets to get through.
>
> Has anybody done this? Any helpful hints?

Yes, I have done it. But it depends on the VPN implementation. NAT,
the basic concept, not natd(8), just plain breaks some aspects of
IPSEC. If the VPN you are trying to use enforces a policy that will
not work through NAT... it won't work through NAT.

Do you know what the policies of the VPN are? What do the logs on the
client (which you should have access to) and the server (which you may
not have access to) look like?
--
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message