Date: Thu, 24 Aug 2017 13:36:15 +0300 From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Jimmy Olgeni <olgeni@olgeni.com>, freebsd-net@freebsd.org Subject: Re: NAT-before-ipsec using if_ipsec Message-ID: <9432b56b-b8d4-dfa0-8508-194afd75381c@yandex.ru> In-Reply-To: <alpine.BSF.2.21.1708241128100.3680@backoffice.local> References: <alpine.BSF.2.21.1708241128100.3680@backoffice.local>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --i6iGu1qdcvqoWU9FRJ2e5OaVK0sFw81HH Content-Type: multipart/mixed; boundary="RMpLCvRixtFlPQsbCLiQUhucbkRSFSdMR"; protected-headers="v1" From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Jimmy Olgeni <olgeni@olgeni.com>, freebsd-net@freebsd.org Message-ID: <9432b56b-b8d4-dfa0-8508-194afd75381c@yandex.ru> Subject: Re: NAT-before-ipsec using if_ipsec References: <alpine.BSF.2.21.1708241128100.3680@backoffice.local> In-Reply-To: <alpine.BSF.2.21.1708241128100.3680@backoffice.local> --RMpLCvRixtFlPQsbCLiQUhucbkRSFSdMR Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 24.08.2017 12:38, Jimmy Olgeni wrote: >=20 > Hi, >=20 > I came up with a working setup of if_ipsec, and was wondering if now > it would be possible to perform NAT before ipsec using the resulting > 'ipsec0' interface. >=20 > The native PF solution seemed to be this: >=20 > nat on ipsec0 from 172.30.1.1/28 to any -> 172.30.1.1 >=20 > But while it works on external interfaces, it does nothing for ipsec. Can you describe your configuration, it is not clear to me, how you expect it should work? --=20 WBR, Andrey V. Elsukov --RMpLCvRixtFlPQsbCLiQUhucbkRSFSdMR-- --i6iGu1qdcvqoWU9FRJ2e5OaVK0sFw81HH Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAlmerCAACgkQAcXqBBDI oXqaRAf9EQxmRS+uHpfGmx9eMnqWszJYw+loR/y1hN/w1NuwW308V84hKmUOdyyi GN4xSaQb72pzvtpka0IZ8ljSxfsTqth3tJgk+BSRxBqS+FzLnXS2OS9Yr3q80zQM IrPAQ9lQ8bHN+4xUok02C0geOGbFDs4eq2cIfPCMSvoSY0APU0tdrJvAjCiol6LH DVhRt2T7Wl/1QNgwPMwBhDGOYUbBcAKPZxuYgRKHQ1y5PKLRjKcrqHKeGN00ufGM 9rLCW0wxeJEDzcJagpH3OowjN4D1P+GzTOcD5sAw+PD722ezwF1oTdjtMuC4yzrF 0vicqm53EVeB45TeMmYS5AIqbfHvRg== =oMu9 -----END PGP SIGNATURE----- --i6iGu1qdcvqoWU9FRJ2e5OaVK0sFw81HH--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9432b56b-b8d4-dfa0-8508-194afd75381c>