From owner-freebsd-small  Fri Jan  5 19:44:38 2001
From owner-freebsd-small@FreeBSD.ORG  Fri Jan  5 19:44:36 2001
Return-Path: <owner-freebsd-small@FreeBSD.ORG>
Delivered-To: freebsd-small@freebsd.org
Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.122.47])
	by hub.freebsd.org (Postfix) with ESMTP id 965D437B400
	for <freebsd-small@FreeBSD.ORG>; Fri,  5 Jan 2001 19:44:36 -0800 (PST)
Received: from localhost (dwhite@localhost)
	by resnet.uoregon.edu (8.10.1/8.10.1) with ESMTP id f063iWp01739;
	Fri, 5 Jan 2001 19:44:32 -0800 (PST)
Date: Fri, 5 Jan 2001 19:44:32 -0800 (PST)
From: Doug White <dwhite@resnet.uoregon.edu>
To: John Giacomoni <jgiacomoni@ombra.org>
Cc: freebsd-small@FreeBSD.ORG
Subject: Re: NAT + IPSEC VPN on a floppy?
In-Reply-To: <20010104134932.P38327@terra.ombra.lan>
Message-ID: <Pine.BSF.4.21.0101051942400.1178-100000@resnet.uoregon.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-small@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, 4 Jan 2001, John Giacomoni wrote:

> Has antone manged to get this to work?
> 
> I tried ipnat and ipsec, got transport between the two gateways to work,
> but the local gateway seems to eat the packets that are destined for 
> nat'ed machines.

IPSec tunnels have this strange feature where the tunnel endpoints cannot
use the tunnel itself.  The ipsec tunnel hooks into the forwarding code
and I suspect it's hard to activate it the it from the local machine.

Doug White                    |  FreeBSD: The Power to Serve
dwhite@resnet.uoregon.edu     |  www.FreeBSD.org



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-small" in the body of the message