Date: Mon, 07 Apr 2003 14:29:51 -0700
From: Michael DeMan <michael@staff.openaccess.org>
To: <freebsd-net@freebsd.org>
Subject: IPSec + NAT
Message-ID: <BAB73BDF.31113%michael@staff.openaccess.org>

Hi All,

We need a solution for VPN + NAT for wireless clients.

We use ipfilter/ipnat for all our boxes but have been forced

I am concerned about the long term management/maintenance issues with some boxes running NATD and others IPNAT, including having staff need to know how to support and debug different configurations and such.

Does anybody know of a way to utilize IPSec and IPNAT together?

We assign each box two IP addresses, one for the tunnel end point and the other for the tunnel

I noticed in the kernel code that I could swap where IPSec and IPFilter do their processing and have IPFilter do its work after IPSec inbound, and before IPSec outbound. I'm not too thrilled with that either since we'd have to fork from the BSD tree and upgrades would start getting tricky.

- Mike

Michael F. DeMan
Director of Technology
OpenAccess Internet Services
1305 11th St., 3rd Floor
Bellingham, WA 98225
Tel 360-647-0785 x204
Fax 360-738-9785
michael@staff.openaccess.org