Date: Wed, 24 Apr 2019 04:38:55 +0700 From: Eugene Grosbein <eugen@grosbein.net> To: Wojciech Puchar <wojtek@puchar.net> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: Re: openvpn and system overhead Message-ID: <9db03cf0-e9a7-31b6-5d88-a9091e772f5c@grosbein.net> In-Reply-To: <alpine.BSF.2.20.1904232005500.40502@puchar.net> References: <alpine.BSF.2.20.1904171707030.87502@puchar.net> <0cc6e0ac-a9a6-a462-3a1e-bfccfd41e138@grosbein.net> <alpine.BSF.2.20.1904191841200.44949@puchar.net> <5CBAB88C.4020402@grosbein.net> <alpine.BSF.2.20.1904221731560.76479@puchar.net> <5CBE803B.8060505@grosbein.net> <alpine.BSF.2.20.1904232005500.40502@puchar.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Moving to net@ 24.04.2019 1:06, Wojciech Puchar wrote: >>> can IPSEC VPN work over nat? even freebsd-freebsd case. >>> >>> I cannot find any tutorial how to do this. >> >> FreeBSD 11.1 and later supports IPSec NAT Traversal out-of-the-box. >> >> >> > so do you have an URL for guide how to do this. i have no real knowlege of this and would like to test it, first in my home router. > > my server have of course static public IP, but clients may have anything You just run an IKE daemon of choice (ipsec-tools/racoon, strongswan etc.) And optionally run mpd5 daemon if you need to support IPSec/L2TP clients too. GENERIC kernel and standard daemon configuration is enough, no secrect knowledge. Just don't forget to enable NAT-T while configuring IKE daemon.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9db03cf0-e9a7-31b6-5d88-a9091e772f5c>