Date:      Wed, 9 Aug 2000 09:58:08 -0400 (EDT)
From:      Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To:        Benjamin Gavin <virtual_olympus@yahoo.com>
Cc:        freebsd-net@FreeBSD.ORG
Subject:   Re: NATD and non-UDP/TCP packets
Message-ID:  <200008091358.JAA18502@khavrinen.lcs.mit.edu>
In-Reply-To: <20000809023338.12896.qmail@web311.mail.yahoo.com>
References:  <20000809023338.12896.qmail@web311.mail.yahoo.com>

<<On Tue, 8 Aug 2000 19:33:38 -0700 (PDT), Benjamin Gavin <virtual_olympus@yahoo.com> said:

>   Hmmmm...  I may be going braindead (P.S.  What's an SA?), but will this

Security Association.  IPSEC cryptographic parameters are indexed on
both endpoints using the tuple <source-IP,dest-IP,SAID>, so if you
change either address you have irretrievably corrupted the packet.
(The fact that IPSEC can't be NAT'ed is considered by many people to
be a Good Thing.)

> be possible on the same firewall box??  How will the routing work, even
> assuming I can get the proper clients for FreeBSD? (Now: I've thought
> about it more, and do you mean setting up a server-server tunnel, then
> routing traffic through it and not having the clients have tunnel software
> installed??  I'm not concerned about the traffic on the local nets, just
> across the internet.  I've done that type of thing before, but I don't
> know if it will apply to this problem :( ).

I can't parse this.

>   It may be appropriate to include (which I missed in my original message)
> that I am running FreeBSD 3.5-STABLE (mentioned earlier), and that I
> am

You'll need the KAME kit for FreeBSD 3.5 in order to terminate an
IPSEC tunnel there.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick
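
Added example, not part of the original message: a toy model of why rewriting an address breaks the packet, using a Security Association table keyed on the <source-IP,dest-IP,SAID> tuple described above. The AH-style integrity value (HMAC-SHA1-96 computed over the addresses) is an assumption added for illustration, and all function names, addresses and keys are constructed.

```python
import hmac, hashlib, ipaddress, struct

# Toy Security Association table, keyed as the message describes:
# (source-IP, dest-IP, SAID). Addresses and key are constructed samples.
SAD = {
    ("10.0.0.5", "198.51.100.20", 0x1001): b"constructed-demo-key",
}

def icv(key, src, dst, said, payload):
    """AH-style integrity check value: HMAC-SHA1 truncated to 96 bits,
    computed over both addresses, the SAID and the payload."""
    msg = (ipaddress.IPv4Address(src).packed
           + ipaddress.IPv4Address(dst).packed
           + struct.pack("!I", said) + payload)
    return hmac.new(key, msg, hashlib.sha1).digest()[:12]

def send(src, dst, said, payload):
    """Sender side: look up the SA and attach the integrity value."""
    key = SAD[(src, dst, said)]
    return {"src": src, "dst": dst, "said": said, "payload": payload,
            "icv": icv(key, src, dst, said, payload)}

def nat_rewrite(pkt, public_src):
    """What a NAT box does: replace the source address, touch nothing else."""
    return dict(pkt, src=public_src)

def receive(pkt):
    """Return 'ok', 'no-sa' (tuple lookup failed) or 'bad-icv'."""
    key = SAD.get((pkt["src"], pkt["dst"], pkt["said"]))
    if key is None:
        return "no-sa"
    expected = icv(key, pkt["src"], pkt["dst"], pkt["said"], pkt["payload"])
    return "ok" if hmac.compare_digest(expected, pkt["icv"]) else "bad-icv"

def receive_with_known_src(pkt, original_src):
    """Receiver that still finds the SA by the pre-NAT source address:
    the integrity value was computed over that address, so it fails anyway."""
    key = SAD[(original_src, pkt["dst"], pkt["said"])]
    expected = icv(key, pkt["src"], pkt["dst"], pkt["said"], pkt["payload"])
    return "ok" if hmac.compare_digest(expected, pkt["icv"]) else "bad-icv"

if __name__ == "__main__":
    pkt = send("10.0.0.5", "198.51.100.20", 0x1001, b"hello")
    natted = nat_rewrite(pkt, "203.0.113.7")
    print(receive(pkt), receive(natted),
          receive_with_known_src(natted, "10.0.0.5"))
```
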

