Date:      Wed, 3 Mar 2004 14:01:45 -0500
From:      Nigel Houghton <nigel@sourcefire.com>
To:        Simon Taylor <Simon.Taylor@corizon.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD ipsec and NAT
Message-ID:  <20040303190145.GA662@enterprise.sfeng.sourcefire.com>
In-Reply-To: <54FEFDDAD23D8A4683BE2F3CD9D1D2A9020AA0@orion.genient.com>
References:  <54FEFDDAD23D8A4683BE2F3CD9D1D2A9020AA0@orion.genient.com>

This appears to be off-topic for this list, but here are some resources you might wish to look at...

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html

http://www.freebsddiary.org/ipsec-tunnel.php

http://www.daemonnews.org/200101/ipsec-howto.html

I'm sure there will be more available via Google.

On  0, Simon Taylor <Simon.Taylor@corizon.com> allegedly wrote:
> Hi All,
> I currently have set up a site-to-site VPN using racoon on my FreeBSD
> firewall. All is well there and I can connect through the vpn when I am
> on the firewall and get the connection fine.
> Now I want to be able to connect from other machines through the
> firewall - this is where I come unstuck, the ipsec policy allows for my
> external address range to connect through the vpn, but then I would like
> my internal addresses to first get translated and then routed through
> the tunnel. But instead when I connect with my internal addresses they
> get translated, but then try and use the conventional gateway on the
> machine instead of picking up the ipsec policy.
> If that makes sense... I am using FreeBSD, ipf, ipnat and racoon.
> Any help appreciated 
> Simon
> 
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
> 
-------------------------------------------------------------
Nigel Houghton  Research Engineer   Sourcefire Inc.
                 Vulnerability Research Team

In an emergency situation involving two or more officers of equal rank,
seniority will be granted to whichever officer can program a vcr.


