From owner-freebsd-net@FreeBSD.ORG Mon Mar 10 18:25:59 2014
Delivered-To: freebsd-net@freebsd.org
From: Eric Masson
To: "John W. O'Brien"
Cc: Mailing List FreeBSD Network, Philipp Schmid
Subject: Re: [FreeBSD 10.0] nat before vpn, incoming packets not translated
In-Reply-To: <531A5FBF.1000507@saltant.com> (John W. O'Brien's message of "Fri, 07 Mar 2014 19:09:35 -0500")
References: <868uu4rshh.fsf@srvbsdfenssv.interne.associated-bears.org> <53193371.4090603@saltant.com> <09B6BE02-2F04-41A1-AC0D-9A7943F88086@openresearch.com> <86siqtluns.fsf@srvbsdfenssv.interne.associated-bears.org> <531A5FBF.1000507@saltant.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (berkeley-unix)
X-Operating-System: FreeBSD 9.2-RELEASE-p3 amd64
Date: Mon, 10 Mar 2014 19:25:53 +0100
Message-ID: <86siqpj4ge.fsf@srvbsdfenssv.interne.associated-bears.org>
List-Id: Networking and TCP/IP with FreeBSD

"John W. O'Brien" writes:

Hi John,

> I haven't done the mind meld with "reverse" yet.
> Could you comment on why you need to operate in a reversed NAT
> environment?

In this particular case, this is a test lab. The purpose of this kind of setup is the following:

- The administrator of the remote LAN demands that your endpoint be seen as a unique IP address on his IPsec device.
- Subnet ranges on each side conflict, so one must be NATted.

> What is it that's being reversed, and how does that apply to your use
> case?

Packets from the local LAN to the remote LAN are NATted on the internal interface of gateway1 (the source address is translated to match the IPsec policy).

Regards

Éric
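An added example, not from Éric's mail or from the FreeBSD project: a POSIX sh script that writes out the ipfw "reverse" NAT rules for gateway1's internal interface together with the matching setkey SPD entries, and checks that the address ipfw translates to is the one the policy selectors name. Interface names, address ranges and gateway addresses are constructed placeholders (documentation ranges); the tunnel selectors, the return-direction rule, the cleartext block rule and the consistency check are assumptions about how such a lab would be wired, not details from the thread (which reports that the return direction was not being translated in the poster's setup).

```shell
#!/bin/sh
# Added example: generate ipfw "reverse" NAT rules on the internal interface of
# gateway1 plus the matching IPsec SPD entries, then check the two agree.
# Every name and address below is a constructed placeholder (assumption).

INT_IF="em1"                  # gateway1 internal interface (assumed name)
EXT_IF="em0"                  # gateway1 external interface (assumed name)
LOCAL_NET="192.168.1.0/24"    # local LAN behind gateway1 (constructed)
REMOTE_NET="10.20.0.0/24"     # remote LAN reached through the tunnel (constructed)
NAT_IP="192.0.2.10"           # the single address the remote admin will see (constructed)
LOCAL_GW="203.0.113.1"        # gateway1 public address (constructed)
REMOTE_GW="198.51.100.1"      # remote IPsec device (constructed)

# ipfw rules. NAT instance 1 is configured with "reverse", so packets *received*
# on the internal interface get their source rewritten to NAT_IP, and replies
# *sent* out the internal interface get their destination restored. The last
# rule is a defensive addition: nothing still carrying a local-LAN source may
# leave the external interface toward the remote LAN in the clear.
ipfw_rules() {
    cat <<EOF
ipfw nat 1 config ip $NAT_IP reverse
ipfw add 100 nat 1 ip from $LOCAL_NET to $REMOTE_NET in recv $INT_IF
ipfw add 110 nat 1 ip from $REMOTE_NET to $NAT_IP out xmit $INT_IF
ipfw add 120 deny ip from $LOCAL_NET to $REMOTE_NET out xmit $EXT_IF
EOF
}

# setkey policy. The selectors name only the translated address, so the tunnel
# never carries (or accepts) the real local range.
spd_rules() {
    cat <<EOF
spdadd $NAT_IP/32 $REMOTE_NET any -P out ipsec esp/tunnel/$LOCAL_GW-$REMOTE_GW/require;
spdadd $REMOTE_NET $NAT_IP/32 any -P in ipsec esp/tunnel/$REMOTE_GW-$LOCAL_GW/require;
EOF
}

# Consistency check: the address ipfw translates to must be the address the
# outbound SPD selector uses; otherwise translated traffic matches no policy.
# Returns 0 when they agree, 1 otherwise.
check_consistent() {
    nat_addr=$(ipfw_rules | sed -n 's/^ipfw nat 1 config ip \([^ ]*\).*/\1/p')
    spd_src=$(spd_rules | sed -n 's/^spdadd \([^/]*\)\/32 .* -P out .*/\1/p')
    [ -n "$nat_addr" ] && [ "$nat_addr" = "$spd_src" ]
}

ipfw_rules
spd_rules
check_consistent && echo "NAT address and SPD selector agree: $NAT_IP"
```

Run it on any host with sh and sed to print the two configurations; applying them needs ipfw and setkey on the gateway itself. The point of generating both from one set of variables is the thread's own requirement, that the translated source must match the IPsec policy: if NAT_IP and the SPD selector drift apart, translated packets match no policy, and without the deny rule on the external interface untranslated packets would not be stopped either.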