From owner-freebsd-net@FreeBSD.ORG Mon Jan 16 10:13:34 2006
From: Przemyslaw Szczygielski <qus2@o2.pl>
To: freebsd-net@freebsd.org
Date: Mon, 16 Jan 2006 11:13:32 +0100
Subject: NAT over IPSECed WLAN
Message-Id: <20060116101332.8258821401E@rekin14.go2.pl>
List-Id: Networking and TCP/IP with FreeBSD

Well, for me the config is so complex that I doubt anyone will waste time going into my config files, but, well... there's always hope...

It's about a FreeBSD 6.0 "Gateway", which routes WLAN-connected stations to the Internet through NAT. I want IPSEC between the WLAN interfaces of "Gateway" and "Clients". Let's say there are two machines:

1. "Gateway" is FreeBSD 6.0 and has 2 interfaces:
   a. fxp0 (public, connecting to the Internet)
   b. ndis0 (private, 10.2.0.1, serving WLAN clients)
2. "Client" is Windows XP and has 1 interface:
   a. some interface (private, 10.2.0.2, WLAN)

I have a working setup that has working NAT ("Client" sees the Internet through NAT on "Gateway", which is configured as the default gateway on Windows) when IPSEC is turned off. I also have working IPSEC between these two machines (they can ping each other), but then NAT stops working ("Gateway" still connects to the Internet, so e.g. I can PuTTY from "Client" to "Gateway", which goes through the IPSECed WLAN, and from PuTTY use Lynx to browse; but I can't browse the Internet on "Client").

So to make it short: IPSEC working = no NAT. IPSEC off = NAT working.

I have attached my config files: ipsec.conf, natd.conf, racoon.conf and rc.firewall.rules (please don't ask me why I have ssh on 5901...)

If you can tell me what went wrong I'd be very grateful. And I will surely write a detailed HOWTO for future generations... ;-)

Cheers,
Przemek
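The attached config files did not survive the list archive, so the following is an added illustration of the gateway side of the topology described in the message, not the author's configuration. It is written for FreeBSD 6.0 with setkey(8), racoon and ipfw/natd, and it assumes racoon.conf allows tunnel-mode SAs for the client (for example an anonymous sainfo) and that the Windows XP client carries the matching tunnel rule. The point it shows is structural: an IPsec SA in transport mode only protects packets addressed to 10.2.0.1 itself, so a client whose default gateway is 10.2.0.1 needs its Internet-bound traffic inside a tunnel-mode SA whose endpoints are the two WLAN addresses; only after the gateway decapsulates it can natd translate it on fxp0.

```conf
# /etc/ipsec.conf on "Gateway" (loaded with: setkey -f /etc/ipsec.conf)
# Tunnel-mode policies: everything the client sends, whatever its final
# destination, must arrive inside an ESP tunnel between the WLAN addresses
# 10.2.0.2 (client) and 10.2.0.1 (gateway). racoon negotiates the SAs;
# "require" makes the kernel refuse cleartext that matches the policy.
flush;
spdflush;
spdadd 10.2.0.2/32 0.0.0.0/0 any -P in  ipsec esp/tunnel/10.2.0.2-10.2.0.1/require;
spdadd 0.0.0.0/0 10.2.0.2/32 any -P out ipsec esp/tunnel/10.2.0.1-10.2.0.2/require;

# ipfw rules on "Gateway" (the relevant part of an rc.firewall rule set;
# natd is assumed to run as "natd -n fxp0", translating to fxp0's address).
# Let IKE (UDP 500) and ESP from the client reach the gateway on the WLAN side.
ipfw add 100 allow udp from 10.2.0.2 500 to 10.2.0.1 500 via ndis0
ipfw add 110 allow esp from 10.2.0.2 to 10.2.0.1 via ndis0
# After decapsulation the inner packet is re-injected into ip_input and passes
# ipfw again as inbound on ndis0 with its real (10.2.0.x) source, so it needs
# its own rule. ipfw cannot tell this copy from a cleartext packet; enforcing
# that the client really used ESP rests on the "require" policy above.
ipfw add 200 allow ip from 10.2.0.0/24 to any in via ndis0
# NAT only on the public interface: the decapsulated client packet is
# rewritten on its way out of fxp0, replies are translated back on the way in,
# routed to 10.2.0.2 and then encapsulated by the "out" policy before they
# leave ndis0 as ESP.
ipfw add 300 divert natd ip from any to any via fxp0
ipfw add 400 allow ip from any to any
```

Rule 400 is a permissive catch-all kept only so the illustration stays short; a real rc.firewall would replace it with explicit rules for the gateway's own traffic. To confirm the tunnel is actually carrying the client's Internet traffic, watch ndis0 with tcpdump while the client browses: only ESP should be visible there, while the same flows show up on fxp0 as ordinary TCP from fxp0's address.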