Date: Wed, 30 Apr 2003 16:53:48 -0400
From: Guy Middleton <guy@obstruction.com>
To: freebsd-security@freebsd.org
Subject: Re: how to configure a FreeBSD firewall to pass IPSec?
Message-ID: <20030430165348.A23754@chaos.obstruction.com>
In-Reply-To: <44k7dbn7jv.fsf@be-well.ilk.org>;02:50:44PM -0400
References: <20030430094537.A20710@chaos.obstruction.com> <44k7dbn7jv.fsf@be-well.ilk.org>

On Wed, Apr 30, 2003 at 02:50:44PM -0400, Lowell Gilbert wrote:
> Guy Middleton <guy@obstruction.com> writes:
>
> > I have a FreeBSD box acting as a firewall and NAT gateway
> >
> > I would like to set it up to transparently pass IPSec packets -- I have
> > an IPSec VPN client running on another machine, connecting to a remote network.
> >
> > Is there a way to do this? I can't find any hints in the man pages.
>
> It's impossible. IPSEC can't be passed through a NAT.
>
> The best you could do would be to terminate the tunnel on the gateway itself.

Ok, now I'm confused. The same client (Cisco VPN 3.5 on Windows) works
through a LinkSys router / NAT gateway (a BEFSR81) at a different location.
The LinkSys even has a friendly little check-box to allow IPSec pass-through.

I would like the FreeBSD gateway to work the same way as the LinkSys.