From owner-freebsd-security@FreeBSD.ORG Wed Mar 3 10:57:23 2004
Delivered-To: freebsd-security@freebsd.org
Date: Wed, 3 Mar 2004 19:00:14 -0000
Message-ID: <54FEFDDAD23D8A4683BE2F3CD9D1D2A9020AA0@orion.genient.com>
From: "Simon Taylor"
Subject: FreeBSD ipsec and NAT
List-Id: Security issues [members-only posting]

Hi All,

I currently have set up a site-to-site VPN using racoon on my FreeBSD firewall. All is well there, and I can connect through the VPN when I am on the firewall and get the connection fine.

Now I want to be able to connect from other machines through the firewall. This is where I come unstuck: the ipsec policy allows my external address range to connect through the VPN, but then I would like my internal addresses to first get translated and then routed through the tunnel. Instead, when I connect with my internal addresses they get translated, but then try to use the conventional gateway on the machine instead of picking up the ipsec policy. If that makes sense...

I am using FreeBSD, ipf, ipnat and racoon.

Any help appreciated

Simon
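The symptom in the post is that the SPD lookup and the ipnat translation see the packet with different source addresses, so an outbound policy keyed only on the firewall's external address never matches traffic that originated on the LAN. The fragment below is an added illustration, not the poster's configuration: it shows a setkey SPD plus an ipnat map rule in which the outbound tunnel policy is written for both the external address and the untranslated internal range, so the lookup matches whichever form of the packet it is handed. All addresses and the interface name are assumed (RFC 5737 documentation ranges, fxp0).

```conf
# --- /etc/ipsec.conf (setkey syntax) ---
# Added example, not from the original post. Assumed addresses:
#   203.0.113.10    this firewall's external address
#   198.51.100.20   remote VPN gateway
#   10.20.0.0/16    remote site LAN
#   192.168.1.0/24  local LAN behind the firewall
flush;
spdflush;

# Traffic sourced from the firewall's own external address is tunnelled
# to the remote gateway (this is the case the poster reports as working).
spdadd 203.0.113.10/32 10.20.0.0/16 any -P out ipsec esp/tunnel/203.0.113.10-198.51.100.20/require;
spdadd 10.20.0.0/16 203.0.113.10/32 any -P in  ipsec esp/tunnel/198.51.100.20-203.0.113.10/require;

# Same tunnel, keyed on the untranslated LAN range. If the SPD lookup
# runs before ipnat rewrites the source address (consistent with the
# symptom described), only this entry can match LAN-originated packets.
spdadd 192.168.1.0/24 10.20.0.0/16 any -P out ipsec esp/tunnel/203.0.113.10-198.51.100.20/require;

# --- /etc/ipnat.conf ---
# Assumed external interface fxp0. LAN traffic leaves the firewall with
# the external address as its source, which is what the remote peer sees.
map fxp0 192.168.1.0/24 -> 203.0.113.10/32
```

Load the policy with `setkey -f /etc/ipsec.conf` and confirm with `setkey -DP` that an `out` entry exists whose source selector covers the address the packet actually carries when the policy is consulted; a policy that only lists the external address is exactly what leaves LAN traffic falling through to the default route. The remote gateway's own policy must still accept 203.0.113.10 as the peer network, since that is the source address the translated packets carry inside the tunnel.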