Date: Mon, 12 May 2008 14:49:50 +0200
From: "Slawek Zak" <slawek.zak@gmail.com>
To: freebsd-net@freebsd.org
Subject: PF NAT and IPSec (ESP) not working
Message-ID: <787bbe1c0805120549m8d80979t3932d091608dbbfa@mail.gmail.com>

Hi,

I probably do something wrong, and I can't seem to get NAT in PF working with IPSec tunnel mode.

Here's the network diagram:

    (172.16.0.0/16) internal network -- remote end of tunnel AA.AA.AA.AA --- XX.XX.XX.XX re0 (Internet) ----- enc (IPSec) ---- ZZ.ZZ.ZZ.ZZ gif1 --- tun0 --- YY.YY.YY.YY/24 OpenVPN clients

I want OpenVPN clients to be NAT'ed to ZZ.ZZ.ZZ.ZZ and then enter the IPSec tunnel, be encrypted and land on the other side.

When I've set up NAT using the following PF rule:

    nat pass log on enc0 inet from YY.YY.YY.YY/24 to 172.16.0.0/16 -> ZZ.ZZ.ZZ.ZZ

the packets go out on gif1 but are not encrypted (no traffic on enc0).

Same for the following NAT rule:

    nat pass log on enc0 inet from YY.YY.YY.YY/24 to 172.16.0.0/16 -> ZZ.ZZ.ZZ.ZZ

Help, please!

Thanks,
/S