From owner-freebsd-questions@FreeBSD.ORG Fri Aug 12 01:28:23 2005
Message-ID: <45d750d205081118282549d6dd@mail.gmail.com>
Date: Thu, 11 Aug 2005 21:28:22 -0400
From: Aaron Peterson
To: FreeBSD Questions
Subject: tunneling / IPSec
List-Id: User questions

I've recently been through the relatively simple process of setting up IPSec IP in IP tunnels between two FreeBSD boxes using gif interfaces for the tunneling portion, native IPSec and the racoon port.
Best I can tell, this only works between two devices whose IP addresses are directly accessible to each other (no NAT). I'm wondering if there is an easy way to make this same tunnel work through NAT, and/or if there is some other easy-to-implement alternative that works through NAT. I was thinking of tunneling the encrypted IP packets over a TCP connection maybe. But my thoughts aren't always the right ones :-) Is there a pseudo-interface that allows tunneling over a TCP connection in a similar way to the gif interface?

Aaron