Date:      Wed, 08 Dec 1999 01:42:14 +0000
From:      jomor <jomor@ahpcns.com>
To:        "questions@freebsd.org" <questions@freebsd.org>
Subject:   Re: can IPFW & NAT co-exist with kame IPSEC?
Message-ID:  <384DB776.FCC265FC@ahpcns.com>
References:  <199912070458.MAA00905@netrinsics.com>

Does pipsecd work with ethernet interfaces or is it specifically for PPP?

Michael Robinson wrote:

> jomor <jomor@ahpcns.com> writes:
> >I want to add support for kame IPSEC (for net-to-net tunnelling)
> >capability to my existing firewall/NAT box. The box is running freebsd
> >3.3-STABLE. I am networking with IP-V4 and don't want to go to V6 at
> >this time.  Does anyone know if this is possible?
>
> I don't know if it's possible, but I *do* know it's possible to use
> ipfilter+ipnat+pipsecd to achieve the same functionality on one box.
>
> (And, with a few tricks, also userland ppp, to get a dial-on-demand VPN.)
>
> >If it's possible, what firewall
> >rule modifications do I need so tunnel-bound traffic doesn't get NAT'ed?
>
> Tunnel-bound traffic with pipsecd is routed to a separate tun device from the
> ipnat interface, so this isn't a problem.  Tunnel packets appear as esp
> packets originating from the gateway interface.
>
>         -Michael Robinson


