Date: Sun, 19 Oct 2003 11:59:05 +0900
From: Luke Kearney
To: FreeBSD Questions
Subject: Re: IPSEC/NAT
Message-Id: <20031019115242.BC9A.LUKEK@meibin.net>

The short answer to your question is yes. I don't use NATD; I use IPNAT, but I am sure the theories are the same. I found that the challenge was to get the port forwarding right. It also makes using dynamic addresses internally a challenge, but I cheated and used statics instead.

Then again, after reading your mail again, I am not sure that I completely understand what type of tunnel you are wanting to use. If it is a Cisco VPN client you are using, then nothing really special needs to be done except to ensure that the return traffic gets redirected properly. If it is the M$ PPTP implementation, that is a bit more tricky, as you need to ensure that you get inbound traffic on 1723 redirected to your internal machine.

If your company uses a neat IPSec implementation, then it should be possible, with the co-operation of your company's firewall admin, to set up the gateway to have an IPSec tunnel to the office, with all packets destined for the company's network, i.e. 10.0.10.0, routed along the gif interface (read man gif) and all other traffic via the normal net.

HTH

LukeK

On Sun, 19 Oct 2003 00:10:11 +0000
cscott@speakeasy.net granted us these pearls of wisdom:

> Is it possible for FBSD's nat daemon to route IPSEC traffic properly? What I am trying to do is use my FBSD gateway that already NAT's my dsl connection to allow me to use an IPSEC VPN client to connect to my company's network. I have been through the howto's, and forums, but I am not certain that it can do what I need it to do.
>
> Thanks,
> Casey