Date: Sun, 9 Apr 2000 21:15:27 -0700 (PDT)
From: Andy McConnell <andym@houseofcats.org>
To: freebsd-isp@freebsd.org
Subject: natd and passing ipsec data
Message-ID: <Pine.BSF.4.10.10004071019390.33403-100000@neroon.houseofcats.org>

I'm looking for a workaround to allow hosts on a private IP subnet to set up ipsec VPNs through a natd implementation.

I am using FreeBSD 3.4-RELEASE now as the natd/ipfw and router. I have a 10.0.0.0/24 subnet inside, using a single IP address on the outside for NAT. I am looking to use a standard IPSec client (which uses AH and ESP, as well as IKE (udp port 500)) on one of the inside clients. I know AH won't work, but ESP *should* according to other recommendations.

I think now that the flavor of NAT I'm running will only support UDP and TCP. I get the feeling that other IP flavors (protocols 50 and 50, AH and ESP) are ignored by this version of natd.

I have heard some reports from people running a Cisco PIX firewall that Cisco's NAT could do this. Has anyone had success in this using a FreeBSD natd?

-Andy

--
Andy McConnell
andym@houseofcats.org

Those who make peaceful revolution impossible will make violent revolution inevitable. -- John F. Kennedy