From owner-freebsd-stable Sat Jul 15 15:13:11 2000
Date: Sat, 15 Jul 2000 15:12:57 -0700 (PDT)
From: Doug White
To: Antony Russell
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: natd and VPN client
In-Reply-To: <004b01bfee26$a7399540$6a481fc4@oct.co.za>

On Sat, 15 Jul 2000, Antony Russell wrote:

> Using the -v option to natd I have discovered that the connection is set up
> correctly using UDP. Thereafter the VPN client tries to communicate with the
> VPN software with protocol 50 which is defined as ESP (Encapsulating
> Security Payload) in the protocols file. Unfortunately natd does not perform
> any translation on ESP packets and the VPN connection then fails.

This sounds strangely like pptp.

> Can anyone out there tell me why natd behaves like this and if it would be
> possible to change this behaviour? Alternatively, is there another natd-like
> application that I could use instead?

The natd in -CURRENT and -STABLE after June 20 has a redirect_protocol
option that you can use to redirect all inbound ESP packets to a specific
internal machine (or vice versa).

That or hack natd/libalias to teach it how to NAT ESP packets, which is no
small feat.

Doug White                    |  FreeBSD: The Power to Serve
dwhite@resnet.uoregon.edu     |  www.FreeBSD.org
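
The per-protocol redirect described in the reply above, sketched as an added example (not code from natd, libalias, or either poster): every inbound packet carrying a given IP protocol number is sent to one fixed internal host, because ESP has no port field a NAT could use to tell sessions apart. The function names, the redirect table and the addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
import struct

ESP = 50  # IP protocol number for ESP, as listed in the protocols file

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def redirect_inbound(packet: bytes, public_ip: str, redirects: dict) -> bytes:
    """Rewrite the destination of an inbound IPv4 packet whose protocol has a
    static redirect entry; return every other packet unchanged."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    proto = packet[9]
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    if dst != public_ip or proto not in redirects:
        return packet
    header = bytearray(packet[:ihl])
    header[16:20] = ipaddress.IPv4Address(redirects[proto]).packed
    header[10:12] = b"\x00\x00"  # zero the checksum field before recomputing
    header[10:12] = struct.pack("!H", ip_checksum(bytes(header)))
    return bytes(header) + packet[ihl:]  # payload (SPI, sequence, data) untouched

def build_packet(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Constructed sample input: a minimal 20-byte IPv4 header plus payload."""
    hdr = bytearray(struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed))
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + payload

if __name__ == "__main__":
    # Constructed ESP payload: 4-byte SPI, 4-byte sequence number, opaque data.
    esp = build_packet(ESP, "198.51.100.7", "203.0.113.1",
                       struct.pack("!II", 0x1000, 1) + b"\xaa" * 16)
    out = redirect_inbound(esp, "203.0.113.1", {ESP: "192.168.1.10"})
    print(ipaddress.IPv4Address(out[16:20]), hex(ip_checksum(out[:20])))
```

Only one internal machine can receive a given protocol this way, which is why the reply presents teaching the NAT code to track ESP sessions as the harder alternative.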